BlackBerry Forums Support Community               

07-11-2011, 04:32 PM   #1 (permalink)
BES Express 5.0.3 Security Role Problem?

New Member here, I tried several searches but could not find anyone else complaining of this problem. I am wondering if nobody has noticed it, or if it is unique to my situation.

My company is getting ready to migrate from BES 4.1.6 to BES 5.x. In researching this, I have put up BES Express 5.0.3 in a test environment to see if it is worth it for us to migrate to the free version of BES.

I was testing different security roles in BESX, and created an account for our Help Desk using the Senior Helpdesk Administrator role. While logged in under that test account, I went into Manage Users, and just as a fluke tried to delete the default Security Administrator account that was created when I installed BESX. Color me surprised when it let me delete the Security Administrator account while logged in as a lowly Senior Helpdesk Administrator.

Luckily I had previously made other Security Administrator accounts. I created a few other test Security Administrator accounts just to see if it was a one-time thing, or if I was seeing things. Each time, I was able to delete the Security Administrator account using the Senior Helpdesk Administrator account.

Has anyone else come across this before? It seems like a potentially huge security problem, and I have not been able to come up with a solution to protect the Security Admin accounts.

Any help/guidance you guys can provide is appreciated.
08-16-2011, 11:45 PM   #2 (permalink)
Re: BES Express 5.0.3 Security Role Problem?

I'd also be interested in this. I've created a role with the minimum of rights, just to allow the helpdesk to create new users & do device activations. It looks like the delete user right allows the user to delete any account, including the admin accounts.

I suppose I could create a group that contains only the handset users, and does not contain the admin user(s), and give the helpdesk role rights to only that group - but what happens if the helpdesk user deletes a user (which is in this group), then recreates them? The new user wouldn't be in the handset group, and thus helpdesk wouldn't have visibility of them, surely?

EDIT: Actually it looks like the Delete User right is universal, and can't be limited to groups. So your role can either delete ANY user it wants, or none at all.

Last edited by cheeley : 08-16-2011 at 11:48 PM.
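
The check both posts found missing, sketched as an added example (not BES code and not written by either poster): an all-or-nothing delete right beside a target-aware one that refuses higher-ranked accounts and honours group scope. The role names come from the thread; the numeric ranking, the `Handsets` group, the permission strings and every function name are assumptions made for illustration.

```python
# Hypothetical permission model, not BES code. Role names are from the thread;
# the numeric ranking is an assumption.
from dataclasses import dataclass, field
from typing import Optional
RANK = {"Senior Helpdesk Administrator": 1, "Security Administrator": 2}

@dataclass
class Account:
    name: str
    role: str = ""                      # "" = ordinary handset user
    groups: set = field(default_factory=set)

@dataclass(frozen=True)
class Grant:
    permission: str
    scope: Optional[frozenset] = None   # None = applies to every account

def rank(acct):
    return RANK.get(acct.role, 0)

def can_delete_flat(grants, actor, target):
    """All-or-nothing right, as the thread describes: the target is never inspected."""
    return any(g.permission == "delete_user" for g in grants)

def can_delete_scoped(grants, actor, target):
    """Target-aware check: refuse higher-ranked targets, then honour group scope."""
    if rank(target) > rank(actor):
        return False
    return any(g.permission == "delete_user"
               and (g.scope is None or bool(g.scope & target.groups))
               for g in grants)

def create_user(grants, name):
    """New accounts inherit the creator's scoped groups, so recreated users stay visible."""
    groups = set()
    for g in grants:
        if g.permission == "create_user" and g.scope:
            groups |= g.scope
    return Account(name, groups=groups)

def demo():
    # Constructed sample accounts and grants.
    helpdesk = Account("helpdesk1", "Senior Helpdesk Administrator")
    admin = Account("admin", "Security Administrator")
    scope = frozenset({"Handsets"})
    scoped = [Grant("delete_user", scope), Grant("create_user", scope)]
    alice = create_user(scoped, "alice")
    return (can_delete_flat([Grant("delete_user")], helpdesk, admin),
            can_delete_scoped(scoped, helpdesk, admin),
            can_delete_scoped(scoped, helpdesk, alice))
```

`demo()` returns the three decisions in order: the flat right applied to the Security Administrator, the scoped check applied to the same account, and the scoped check applied to a handset user the helpdesk account created itself.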
Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.