U4-2792 - Some Users Can't See Some Other Users

Created by Nicholas Westby 04 Sep 2013, 18:41:27 Updated by Tim Woodward 20 Jun 2018, 12:18:31

I installed Umbraco with the user, "Nicholas Westby" (login of "Nick"). Later, I created another user, "Administrator" (I then renamed the login to "admin", but didn't change the username). They have identical permissions (both Administrators, but have access to all sections aside from "Translation", and all other fields aside from "Email" are identical).

When I log in as Nick, I can go to "Users" and expand "Users" to see both "Administrator" and "Nicholas Westby". However, when I log in as admin and navigate to the same place, I can only see the user "Administrator". I don't see why the admin login wouldn't be able to see the Nick login.

Note that I'm using SQL Server CE. Here are the contents of the umbracoUser table (excluding the password and email): id userDisabled userNoConsole userType startStructureID startMediaID userName userLogin userDefaultPermissions userLanguage defaultToLiveEditing 0 False False 1 -1 -1 Nicholas Westby Nick NULL en False 1 False False 1 -1 -1 Administrator admin NULL en False

Comments

Can Koluman 03 Feb 2014, 11:57:53

This only affects the user with id=0, who is set-up as the Admin user by default. It constitutes a potential security flaw as the user with id 0 (Admin) is not visible to other Admin Users. Would be good to get it fixed.


Shannon Deminick 21 Jun 2017, 07:59:21

Closing issue due to inactivity - see blog post for details https://umbraco.com/blog/issue-tracker-cleanup/


Tim Woodward 20 Jun 2018, 12:18:31

I would like to reopen this issue. I had an Umbraco installation done by a developer who left the company. There was no way for me to disable/remove their access without modifying the database as the original (ID=0) admin account does not show up in the user section. You ought to be able to "control" all users through the interface lest the original admin account gets forgotten about.


Priority: Normal

Type: Bug

State: Open

Assignee:

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version:

Sprint:

Story Points:

Cycle: