So if I get this straight, the issue is that if a user has a role that makes it associated with a tenant, but then that role is removed, the token is still valid. That would make it part of the "extension of validity" class I mentioned above, which we considered in the past as worthy of an advisory.
If confirmed, I'll prepare an impact statement.
Vish's folsom-backport tag probably means that Folsom is also affected. What about Essex at first glance?
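To make the "extension of validity" class concrete, here is an added example; it is an illustrative model written for this page, not Keystone's code or anything from the thread. The class and method names (TokenService, validate_expiry_only, validate_recheck_roles, revoke_role's revoke_tokens flag) are assumptions. It issues a tenant-scoped token on the strength of a role assignment, removes the role, and shows that a validator which only checks expiry and an explicit revocation list keeps accepting the token, whereas a validator that re-reads the current role assignment (or a role removal that also revokes the affected tokens) does not.

```python
import secrets
import time


class TokenService:
    """Toy model of a tenant-scoped bearer-token service.

    Constructed for illustration only; this is not Keystone code. It exists to
    show the "extension of validity" problem: a token scoped to a tenant keeps
    working after the role that justified the scoping has been removed.
    """

    def __init__(self, ttl=3600):
        self.ttl = ttl
        self.roles = {}       # (user, tenant) -> set of role names currently held
        self.tokens = {}      # token id -> {"user", "tenant", "expires"}
        self.revoked = set()  # token ids explicitly invalidated before expiry

    def grant_role(self, user, tenant, role):
        self.roles.setdefault((user, tenant), set()).add(role)

    def revoke_role(self, user, tenant, role, revoke_tokens=False):
        """Remove a role. With revoke_tokens=True, also invalidate every token
        scoped to that tenant once the user holds no role on it any more
        (the "revoke on change" remediation)."""
        held = self.roles.get((user, tenant), set())
        held.discard(role)
        if revoke_tokens and not held:
            for tid, tok in self.tokens.items():
                if tok["user"] == user and tok["tenant"] == tenant:
                    self.revoked.add(tid)

    def issue_token(self, user, tenant, now=None):
        """Issue a tenant-scoped token; requires at least one role on the tenant."""
        now = time.time() if now is None else now
        if not self.roles.get((user, tenant)):
            raise PermissionError(f"{user} holds no role on {tenant}")
        tid = secrets.token_hex(16)
        self.tokens[tid] = {"user": user, "tenant": tenant, "expires": now + self.ttl}
        return tid

    def validate_expiry_only(self, tid, now=None):
        """The flawed check: existence, expiry and the explicit revocation list.
        Nothing here notices that the role behind the tenant scope is gone."""
        now = time.time() if now is None else now
        tok = self.tokens.get(tid)
        return tok is not None and tid not in self.revoked and now < tok["expires"]

    def validate_recheck_roles(self, tid, now=None):
        """Hardened check: everything above, plus re-reading the current role
        assignment, so the token dies as soon as its user loses all roles on
        the tenant it is scoped to (the "re-check at validation" remediation)."""
        if not self.validate_expiry_only(tid, now):
            return False
        tok = self.tokens[tid]
        return bool(self.roles.get((tok["user"], tok["tenant"])))


def demo():
    """Walk through the scenario from the thread with fixed timestamps."""
    svc = TokenService(ttl=3600)
    svc.grant_role("alice", "tenant-a", "member")
    tok = svc.issue_token("alice", "tenant-a", now=1000)
    svc.revoke_role("alice", "tenant-a", "member")  # tokens left untouched
    return {
        "expiry_only_after_revoke": svc.validate_expiry_only(tok, now=1001),
        "recheck_after_revoke": svc.validate_recheck_roles(tok, now=1001),
    }


if __name__ == "__main__":
    print(demo())
```

Either remediation closes the window on its own; re-checking at validation time costs a lookup per request but needs no bookkeeping, while revoking on role change keeps validation cheap but must cover every path that can drop a role.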