Sign As member is a bit vulnerable

PatrickRQ · April 25, 2022

Hello,

We have different levels of permissions in our admin structure. I want to provide support of signing as other member to specific users but problem is they can sign as highest admin account. There should be setting to block specific users/groups from ability of signing as.

Randy Calvert · April 25, 2022

If you create an unrestricted admin, they'll have permission to access the function and anything else.

You want to create a restricted admin and grant the specific member privilege to sign in as a member.

ACP > Members > Staff > Administrators

Choose the person or group... set them as a RESTRICTED permission set, then go through what permissions they should have. To sign in as a member, choose "Can sign in as members".

Marc · April 26, 2022

What you are saying there however is correct. If someone is given the ability to sign in as members, they will indeed have the ability to sign in as any member. Please feel free to add suggestions for changes on this within our suggestions area

PatrickRQ · April 26, 2022

@Randy Calvert, it won't help. Using restricted access is designed to use specific admin permissions for specific member or group. Problem here is the "Sign as member" privilege which allows to sign as any member. let's say you give "assign as member" to your super mods or junior admins - they will be able to login as you - his majesty the king ^^

PatrickRQ · April 26, 2022

@Marc Stridgen, feel free to move the topic to suggestions, no point to duplicate it.

Marc · April 26, 2022

Done 🙂

PatrickRQ · June 15, 2022

Can you address this issue in next update? please

Marc · June 15, 2022

39 minutes ago, PatrickRQ said:

Can you address this issue in next update? please

We cannot guarentee when or even if a suggestion will make it to a final release unfortunately. I can tell you it certainly wont be in 4.7 as that is already in beta

Dll · June 15, 2022

On 4/26/2022 at 9:04 AM, PatrickRQ said:

@Randy Calvert, it won't help. Using restricted access is designed to use specific admin permissions for specific member or group. Problem here is the "Sign as member" privilege which allows to sign as any member. let's say you give "assign as member" to your super mods or junior admins - they will be able to login as you - his majesty the king ^^

Thing is, if you're concerned that by logging in as you they could do bad things, I wonder why you'd trust them to login as anyone, or indeed to login to the ACP at all?

Marc · June 15, 2022

1 minute ago, Dll said:

Thing is, if you're concerned that by logging in as you they could do bad things, I wonder why you'd trust them to login as anyone, or indeed to login to the ACP at all?

I would tend to agree. You should be allowing only people you trust to access these areas

Sonya* · June 15, 2022

32 minutes ago, Dll said:

I wonder why you'd trust them to login as anyone

Use case: moderator logs in as member to investigate the reported issue. Helpful to distinguish if the issue is reproducable e. g. permissions issue. Or if not, then probably browser-based. This helps to instruct the user further.

Indeed the moderator should be able to login as member only, not as other moderator and not as admin.

Dll · June 15, 2022

22 minutes ago, Sonya* said:

Use case: moderator logs in as member to investigate the reported issue. Helpful to distinguish if the issue is reproducable e. g. permissions issue. Or if not, then probably browser-based. This helps to instruct the user further.

Indeed the moderator should be able to login as member only, not as other moderator and not as admin.

But, if you look at it as if you're a member of that community - if someone is going to be able to login as me, then I expect that person to be trustworthy. If the owner of the community doesn't trust them to login to their account, why should I trust that person to login to my account?

Edited June 15, 2022 by Dll

Sonya* · June 15, 2022

1 minute ago, Dll said:

If the owner of the community doesn't trust them to login to their account, why should I trust that person to login to my account?

I do trust my moderators to login into member accounts to investigate the issues. But I do not want them to look into AdminCP with full permission:

they should not be able to change something by accident, as they are technically unexperienced
they should not be able to see payment history as this is not their business 😉

Marc · June 15, 2022

I think the point here is that the setting itself is not vulnerable. It does exactly what it says it does. The only thing that is vulnerable is the fact the person has been given those permissions. We have a suggestion in here for that to change, and I can certainly see your points there. However, as it stands at present, it would be wise not to set permissions for moderators based on how you believe it should work in the future.

Dll · June 15, 2022

1 hour ago, Sonya* said:

I do trust my moderators to login into member accounts to investigate the issues. But I do not want them to look into AdminCP with full permission:

they should not be able to change something by accident, as they are technically unexperienced

they should not be able to see payment history as this is not their business 😉

That's different to the original question and your original post though. The original point was allowing staff to log in as one user but not as another one. That's not related to technical proficiency or the chance of them making a mistake, that's purely related to whether you trust them or not, in my opinion.

Particularly bearing in mind that just because a super-mod could log in as an admin, it still wouldn't mean they had full access to the acp, as that's separate, as far as I'm aware.

Edited June 15, 2022 by Dll

PatrickRQ · August 26, 2022

@Marc Stridgen Can you please address this "issue" in upcoming update?

Randy Calvert · August 26, 2022

There typically is not comments by staff on feature requests statuses. Simply watch the release notes to see if it was added.

Asking for “updates” generally does not help.

If this did super important to you, it’s most likely better to engage a 3rd party resource developer to implement on a custom basis for your community.

PatrickRQ · August 29, 2022

I keep asking as I still treat it as vulnerability, even IPS does not 🙂

opentype · August 29, 2022

By the way: if this is functionality is ever being changed, I would also suggest to add other options, like removing access to personal messages, which are “personal” by definition and not something moderators should ever get access to. Frankly, I wouldn’t mind having that functionality removed altogether. I would feel much better if I could tell my members “there is no easy way to access messages” than to say “It’s actually super easy, but trust me, I am not going to (mis-)use it”.

Edited August 29, 2022 by opentype

Nathan Explosion · August 29, 2022

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

Sign As member is a bit vulnerable

Recommended Posts

PatrickRQ

Randy Calvert

Marc

PatrickRQ

PatrickRQ

Marc

PatrickRQ

Marc

Dll

Marc

Sonya*

Dll

Sonya*

Marc

Dll

PatrickRQ

Randy Calvert

PatrickRQ

opentype

Nathan Explosion

Recently Browsing 0 members

More