I posted this in Brainstorm around a year back and there was no progress or response…
IS Admin should ask for the current password when changing the password for any user.
Currently what can happen is:
- With a Developer user/pwd I can change the Administrator password of IS by using (WmRoot API/Services), which ideally should not be allowed!!!
- With different IS acl/user cnf files, or by updating these config files programmatically, one can change the Administrator/any passwords.
Item 2 above is to some extent OK, but Item 1 is not OK, I guess!?
I know in PROD env we are not supposed to enable the Developer and Replicator users (default ones), but my questions are towards DEV/TEST environments where, in real scenarios, one vendor may control the IS (Admin activities/deployment etc.) and another vendor may work on development.