sureshanaparti commented on a change in pull request #260:
URL: https://github.com/apache/cloudstack-documentation/pull/260#discussion_r792958333
##########
File path: source/adminguide/accounts.rst
##########
@@ -135,6 +135,17 @@ allows CloudStack root admins to create new roles with
customized permissions.
The allow/deny rules can be configured dynamically during runtime without
restarting the management server(s).
+.. Note:: Any user given the custom roles that include permission to
+ create and/or update accounts will have the ability to
+ assign new custom roles to themsevles or other users,
+ irrspective of the privialges given in those roles. This
+ could allow such a user to escalate their own privalges to
+ include any API they might not have had before. Thereofre,
+ the dynamic roles should be carefully designed and the
+ `createAccount` and `updateAccount` priviledges should only
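Review bot: The added note has more misspellings than `priviledges` on its last visible line: `themsevles`, `irrspective`, `privialges`, `privalges` and `Thereofre` should read themselves, irrespective, privileges, privileges and Therefore, and are worth fixing in the same pass. As shown here, the `.. Note::` line also follows "restarting the management server(s)." with no blank line between them. reStructuredText needs a blank line before a directive, otherwise the note is folded into the preceding paragraph instead of rendering as an admonition.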
Review comment:
```suggestion
`createAccount` and `updateAccount` privileges should only
```