Support

Admin Tools

#32331 Why I cannot set a new user as a Super User?

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by dlb on Friday, 07 February 2020 07:49 CST

Saturday, 25 January 2020 11:15 CST

VladGhitulescu
Hey!


I log in as a Super User and try to add a new user, as a Super User as well. (why another Super User is a subject for another support-ticket, but not in this forum :-)

All I get is a "403 - Access Denied" error message and an email warning me about a "Security Exception" with the reason "Backend Edit Admin User".

What do I do wrong?

Thanks!


Regards,
Vlad

Sunday, 26 January 2020 10:37 CST

dlb
Vlad,

You didn't do anything wrong, Admin Tools is protecting you from modifying a back end user's properties. That's a good thing.

Go to Web Application Firewall, Configure WAF, on the Hardening Options tab, set "Disable editing backend users' properties" to No. That will allow you to add or change back end users. The protection is to keep users from editing and escalating their own permissions.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Tuesday, 28 January 2020 14:24 CST

VladGhitulescu
Dale,

Thanks for your answer and nice to read you again! :-)

Does this apply only for Super Users?

In the meantime I try to find another solution that doesn't implies a Super Admin…

Tuesday, 28 January 2020 14:39 CST

dlb
It applies to back end users, including Super Users. The link to the Joomla! forums doesn't go anywhere.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Tuesday, 28 January 2020 14:45 CST

VladGhitulescu
Thanks, Dale!

Sorry for the wrong link.

Here it comes again:

https://forum.joomla.org/viewtopic.php?f=715&t=977460

Tuesday, 28 January 2020 14:58 CST

dlb
You would probably need to have this option turned off in Admin Tools to add the new group to the user, but you could turn it back on after your edits were complete. I think that's what you're asking.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Tuesday, 28 January 2020 15:02 CST

VladGhitulescu
I'll do so, Dale. Thanks again!

Tuesday, 28 January 2020 15:04 CST

dlb
You're welcome!


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Friday, 07 February 2020 05:20 CST

VladGhitulescu
I manage to do everything I want on the test-server, now I'm trying the same on the "production" one.

Only in order to avoid doing something stupid: You said above I should "(…) set "Disable editing backend users' properties" to No (…)" in Admin Tools - WAF - Configure WAF - Hardening Options.

However what I've found there says (see also the attached screenshot):

  • Disable editing backend users' properties

AND
  • Disable creating / editing backend users from the frontend


I think you refer to the first option ("Disable editing backend users' PROPERTIES"), right?

Edited by VladGhitulescu on 2020-02-07 05:22 CST

Friday, 07 February 2020 07:49 CST

dlb
You are correct, "Disable editing backend users' PROPERTIES" needs to be set to "No".

The other one is for extensions that write to the user record from the front end.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!