View Issue Details

ID: 0009862
Project: 10000-018: Role-Based Security
Category: Spec
View Status: public
Last Update: 2024-09-26 11:35
Reporter: Matthias Damm
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 1.05.03
Fixed in Version: 1.05.04
Summary: 0009862: Inconsistency between UserManagementType property description and Nodeset
Description

The UserManagementType defines:
The Properties and Methods of the UserManagementType contain sensitive security related information and shall only be readable and callable by authorized administrators through an encrypted channel. The only exception is the ChangePassword Method. It requires an encrypted channel but it can be called by the Session user if the user token type for the Session is not USERNAME.

The nodeset makes the properties PasswordLength, PasswordOptions, PasswordRestrictions readable to Anonymous.

The nodeset makes more sense since the information is needed for ChangePassword and the Method may be called by a Session that has the Anonymous Role only.

Tags: No tags attached.
Commit Version
Fix Due Date
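
The mismatch reported above can be checked mechanically against a nodeset file. The following is an added example, not part of the issue or of any OPC Foundation tooling: the sample XML is constructed, `read_access` and `_var` are hypothetical names, and the Role NodeIds `i=15644` (Anonymous) and `i=15704` (SecurityAdmin) are assumptions to confirm against the nodeset in use.

```python
import xml.etree.ElementTree as ET

NS = {"ua": "http://opcfoundation.org/UA/2011/03/UANodeSet.xsd"}
READ = 0x20            # Read bit of the PermissionType mask
ANONYMOUS = "i=15644"  # assumed NodeId of the well-known Anonymous Role
ADMIN = "i=15704"      # assumed NodeId of the well-known SecurityAdmin Role

def _var(name, *grants):
    """Build one constructed UAVariable with the given (role, permissions) grants."""
    rows = "".join(f'<RolePermission Permissions="{p}">{r}</RolePermission>'
                   for r, p in grants)
    return (f'<UAVariable NodeId="ns=1;s={name}" BrowseName="{name}">'
            f"<RolePermissions>{rows}</RolePermissions></UAVariable>")

# Constructed sample (33 = Browse | Read); not copied from the published nodeset.
SAMPLE = (
    '<UANodeSet xmlns="http://opcfoundation.org/UA/2011/03/UANodeSet.xsd">'
    + _var("PasswordLength", (ANONYMOUS, 33), (ADMIN, 33))
    + _var("PasswordOptions", (ANONYMOUS, 33), (ADMIN, 33))
    + _var("PasswordRestrictions", (ANONYMOUS, 33), (ADMIN, 33))
    + _var("Users", (ADMIN, 33))
    + "</UANodeSet>"
)

def read_access(nodeset_xml, role, names):
    """Map each named Property to True/False (role holds Read) or None (no explicit grants)."""
    root = ET.fromstring(nodeset_xml)
    result = {}
    for var in root.iterfind("ua:UAVariable", NS):
        name = var.get("BrowseName", "").split(":")[-1]  # drop "1:" style index prefix
        if name not in names:
            continue
        perms = var.find("ua:RolePermissions", NS)
        if perms is None:
            result[name] = None  # node inherits namespace defaults, not resolved here
            continue
        mask = 0
        for rp in perms.iterfind("ua:RolePermission", NS):
            if (rp.text or "").strip() == role:
                mask |= int(rp.get("Permissions", "0"))
        result[name] = bool(mask & READ)
    return result

if __name__ == "__main__":
    props = {"PasswordLength", "PasswordOptions", "PasswordRestrictions", "Users"}
    for name, ok in sorted(read_access(SAMPLE, ANONYMOUS, props).items()):
        print(f"{name}: Anonymous read = {ok}")
```

A `None` result means the node carries no `RolePermissions` element, so its effective access has to be resolved from the namespace defaults before comparing it with the specification text.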

Activities

Matthias Damm

2024-09-26 08:53

developer   ~0021806

Reduced the security requirement to Property Users and the Methods

Jim Luth

2024-09-26 11:35

administrator   ~0021815

Agreed to changes edited in F2F.

Issue History

Date Modified | Username | Field | Change
2024-09-25 12:20 | Matthias Damm | New Issue |
2024-09-26 08:53 | Matthias Damm | Assigned To | => Matthias Damm
2024-09-26 08:53 | Matthias Damm | Status | new => resolved
2024-09-26 08:53 | Matthias Damm | Resolution | open => fixed
2024-09-26 08:53 | Matthias Damm | Fixed in Version | => 1.05.04
2024-09-26 08:53 | Matthias Damm | Note Added: 0021806 |
2024-09-26 11:35 | Jim Luth | Status | resolved => closed
2024-09-26 11:35 | Jim Luth | Note Added: 0021815 |