Skip to main content

Warning - Nasty bug/issue with tenant administrator management

Posted by mattdarnell on Fri, 06/23/2017

Just had a tech run into this and wanted to warn people and get it fixed.

A tech had just added a tenant level admin but wanted to delete it so they could name it something else. They clicked on the box next to the name and clicked delete at the bottom - see picture.

The next popup only asks 'Are you sure you want to delete?' - see picture. He deleted the entire tenant!

It should read 'Are you want to delete the entire Tenant' and then pop 'are you sure - all tenant user information will be deleted and it is nonrecoverable'

After he showed me the process I stopped yelling at him b/c it is reasonable to assume you are only deleting the admin. There should be a lot more you have to do to delete a tenant.

Be warned & please fix!

-Matt


Submitted by thirdlane on Fri, 06/23/2017 Permalink

Matt,

I am sorry that your tech deleted a tenant. This screen can be a little confusing, since we allow both creation of new admins (as a shortcut, so that you don't have to go to the Administrators screen) and also adding/removing existing admins from the list of admins who can manage this tenant. We list all the admins and then it is just a matter of setting/unsetting the checkbox.

The buttons on the bottom always relate to the object being managed, in this case tenant, that's why the warning is so generic.

We actually have this message explaining the admins management:

"Here you can create tenant level administrators or assign administrators to allow managing this tenant. Note that removing tenant level administrators created here from the list does not delete corresponding users automatically. If you need to delete them you can use Systems Settings -> Administrators screen."

If this is not clear, we could add another warning explaining that delete is for deleting tenants. Would that help?

Submitted by mattdarnell on Fri, 06/23/2017 Permalink

Thank you for the response!

I think you should be able to delete tenant admins from that screen and there should be a second confirmation when deleting a tenant.

It isn't clear that unchecking the box will take away admin rights for the tenant.

My 2cents!

-Matt

Submitted by matthewmalk248 on Fri, 06/30/2017 Permalink

I think having the confirmation read " Are you sure you want to delete this entire tenant " would prevent most user errors without changing or modifying the existing interface. I could see someone was in a hurry, or possibly distracted by talking to the customer on the phone, that this could happen to anyone.