Mandatory information about my setup:
Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? No
Joomla! version: 2.5.9
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: 2.4.4
Description of my issue: I am trying to assign a user to a "security" role so that this user can see and access just the security features of Admin Tools, but without having to make that person an administrator. The problem I encountered... This user receives a 403 (unauthorized) error when clicking on the WAF (firewall) button. Yet, this user is able to see the Security Exceptions Log. I am able to give this user a direct link to the Security Exceptions Log, which works. So a setting of the Security permission alone can lead to 403 error and otherwise accessible pages behind WAF cannot be reached through the icons/panel.
Steps to recreate:
- Create a user group such as "security."
- Give this group only three permissions: to login to backend, to access Admin Tools, the "security" permission for Admin Tools.
- Assign a test user to this new group and to no other group.
- login as this person
- Click on the WAF button - you should receive a 403.
- Go directly to the Security Exceptions Log using this URL variables: index.php?option=com_admintools&view=logs You should be able to see the screen
- Try this set of URL variables: option=com_admintools&view=wafconfig - the Security permission allows one to reach this page, but I suspect this page should be accessible only through a different permission (perhaps configuration)
Each of the items behing WAF is accessible through a direct URL (should they be?). But non are accessible thorugh the normal navigation through icons within Admin Tools.