Bug #5670
open
Repo-level administrators can usurp owner of repoistory
0%
Description
Not sure if this is a bug or a feature, but what I have found out is that any admins designated to be just a repo-level administrator (no repo group level admin and not super-admin), can modify the ownership of the repository to someone else. Even though in the access control page, the owners's rights looks unmodifiable.
Updated by Marcin Kuzminski [CTO] almost 3 years ago
If you're an admin of repository you have right to modify all their settings including ownership information. Would you feel only owner, or super-admins should be able to change the ownership ?
Updated by Yechen Qiao about 1 year ago
Marcin Kuzminski [CTO] wrote in #note-1:
If you're an admin of repository you have right to modify all their settings including ownership information. Would you feel only owner, or super-admins should be able to change the ownership ?
I think the key to this answer is: are there any permissions that can only be done by owner that regular admin do not have. For example, would regular administrators be able to delete repository.
If for example only owner can delete repository, and admin cannot. Then it can be argued that it's a potential of escalation of privilege through the admin screen that admins can obtain a higher level privilege to access an action the original designer of the permission table may not have anticipated.