Avatar

Correct answer by
Community Advisor

Hi,

 

A package management right would effectively grant root access, e.g. a user could make a package:

<package author="Z3r0 c00l" buildNumber="1" buildVersion="6.7">
  <entities schema="xtk:operatorGroup">
    <operatorGroup>
      <group name="admin"/>
      <operator name="myselfThanks"/>
    </operatorGroup>
  </entities>
</package>

And upgrade their account without any real effort.

 

So with security removed as a requirement, it's a matter altering the UI to check for the new rights:

  • Navigation hierarchy for package import menu item, HasNamedRight('PACKAGE_IMPORT')
  • JSSP/js lib for offer validation

 

Thanks,

-Jon

 

View solution in original post