We have moved to GitHub Issues
Created by Nicholas Westby 04 Sep 2013, 18:41:27 Updated by Tim Woodward 20 Jun 2018, 12:18:31
I installed Umbraco with the user, "Nicholas Westby" (login of "Nick"). Later, I created another user, "Administrator" (I then renamed the login to "admin", but didn't change the username). They have identical permissions (both Administrators, but have access to all sections aside from "Translation", and all other fields aside from "Email" are identical).
When I log in as Nick, I can go to "Users" and expand "Users" to see both "Administrator" and "Nicholas Westby". However, when I log in as admin and navigate to the same place, I can only see the user "Administrator". I don't see why the admin login wouldn't be able to see the Nick login.
Note that I'm using SQL Server CE. Here are the contents of the umbracoUser table (excluding the password and email): id userDisabled userNoConsole userType startStructureID startMediaID userName userLogin userDefaultPermissions userLanguage defaultToLiveEditing 0 False False 1 -1 -1 Nicholas Westby Nick NULL en False 1 False False 1 -1 -1 Administrator admin NULL en False
This only affects the user with id=0, who is set-up as the Admin user by default. It constitutes a potential security flaw as the user with id 0 (Admin) is not visible to other Admin Users. Would be good to get it fixed.
Closing issue due to inactivity - see blog post for details https://umbraco.com/blog/issue-tracker-cleanup/
I would like to reopen this issue. I had an Umbraco installation done by a developer who left the company. There was no way for me to disable/remove their access without modifying the database as the original (ID=0) admin account does not show up in the user section. You ought to be able to "control" all users through the interface lest the original admin account gets forgotten about.
Backwards Compatible: True
Due in version: