Hello everyone,

I have a role manager that is able to assign/remove/view user's role.
The role manager is able to do all three actions. However when clicking
the "save" button after performing any one of the three operations, the
role manager is receiving a small alert message stating: "Error you are
not authorized for this operation".
I found the that to overcome this alert message the role manager has to
have an additional permission "Update Role and Role Relationship".
However this permission is seen as a vulnerability as the role manager
has the ability to modify the resources and role relationship of the
role; an ability which we do not want to allow. Hence do you guys know
of a way to overcome the error message without granting this additional
permission. Any help will be great.


Dev_Sav's Profile: https://forums.netiq.com/member.php?userid=1130
View this thread: https://forums.netiq.com/showthread.php?t=42641