The sole owner of an organization can change their own role from Owner to Viewer (or Employee), and this results in permanent loss of all admin privileges with no warning or way to resolve it from the front end.
- Create new organization in Probo account
- You are the sole Owner
- Go to People and click the role dropdown on your own membership
- Change your role from Owner to Viewer
- The role change is accepted without warning - now you're stuck.
Notes (thanks Claude!)
- The RemoveUser path already has a guard for this at pkg/iam/organization_service.go:323-332 using CountActiveOwnerByOrganizationID, but the UpdateMembership path at lines 244-292 has no equivalent check before allowing a role demotion from Owner.
Trying to submit only useful stuff here!
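A sketch of the missing guard on the role-update path, written for this report as an added example and not taken from Probo's code: the `Store` type, `UpdateRole`, `countActiveOwners`, `ErrLastOwner` and the role string values are all hypothetical stand-ins backed by an in-memory map.

```go
package main

import (
	"errors"
	"fmt"
)

type Role string

// Role values are constructed for this example.
const (
	RoleOwner    Role = "OWNER"
	RoleEmployee Role = "EMPLOYEE"
	RoleViewer   Role = "VIEWER"
)

var ErrLastOwner = errors.New("cannot demote the last active owner of the organization")

// Store is a hypothetical in-memory stand-in for the membership table.
type Store struct {
	roles map[string]map[string]Role // orgID -> userID -> role
}

// countActiveOwners plays the part of an owner count such as the one
// the report says the RemoveUser path already performs.
func (s *Store) countActiveOwners(orgID string) int {
	n := 0
	for _, r := range s.roles[orgID] {
		if r == RoleOwner {
			n++
		}
	}
	return n
}

// UpdateRole rejects an Owner -> non-Owner change that would leave the
// organization with zero owners. With a real database, the count and the
// update belong in one transaction so two concurrent demotions cannot both pass.
func (s *Store) UpdateRole(orgID, userID string, newRole Role) error {
	cur, ok := s.roles[orgID][userID]
	if !ok {
		return fmt.Errorf("membership not found: %s/%s", orgID, userID)
	}
	if cur == RoleOwner && newRole != RoleOwner && s.countActiveOwners(orgID) <= 1 {
		return ErrLastOwner
	}
	s.roles[orgID][userID] = newRole
	return nil
}

func main() {
	s := &Store{roles: map[string]map[string]Role{"org1": {"alice": RoleOwner}}}
	fmt.Println(s.UpdateRole("org1", "alice", RoleViewer)) // rejected: sole owner
}
```

The same check applies whether the caller is demoting themselves or another member, since the condition depends only on the target's current role and the remaining owner count.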