Request: separate privileges for add/remove a user to Entities
I have found that it is possible to, effectively, shut-out a user of the Super-Admin Profile, by a lesser privilege account under the Admin Profile. Using two of the accounts below, glpi and su-sbirl:
With the following privileges under the "Administration" tab for each respective Profile:
When I login as 'su-sbirl', I can go into Users, click on the 'glpi' user and go to the Authorizations tab. From there I can check the box for "Root entity", go to Actions and proceed with "Delete permanently the relation with selected elements"
By removing that Entity,
The Super-Admin, glpi, can no longer log in:
I can think of some work-arounds to prevent this, but I wonder if there should be additional privileges for adding a user to an Entity as well as removing a user from an Entity.
Customer support service by UserEcho