The check box «Set permissions for new objects» should only be selected for the FullAccess role (SetPermissionsForNewObjects)¶
| Type | Scope | Severity | Activated by default |
Minutes to fix |
Tags |
|---|---|---|---|---|---|
Vulnerability |
BSL |
Critical |
Yes |
1 |
standardbadpracticedesign |
Parameters¶
| Name | Type | Description | Default value |
|---|---|---|---|
namesFullAccessRole |
String |
Name of the role with full rights |
FullAccess,ПолныеПрава |
Description¶
When adding a new role, the "Set permissions for new objects" attribute may be set incorrectly, which will lead to the accumulation of rights in this role for all objects added after it and extra rights for users with this role.
Examples¶
Sources¶
Snippets¶
Diagnostic ignorance in code¶
// BSLLS:SetPermissionsForNewObjects-off
// BSLLS:SetPermissionsForNewObjects-on
Parameter for config¶
"SetPermissionsForNewObjects": {
"namesFullAccessRole": "FullAccess,ПолныеПрава"
}