Project

General

Profile

Bug #10764

Technique editor ignores Rudder's CR process

Added by Florian Heigl almost 3 years ago. Updated about 1 year ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Web - Technique editor
Target version:
-
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Large
Priority:
0

Description

If you hand configuration permissions to a rudder user, they are be allowed to view, modify and debug the configuration that makes up rudder's end system policy.
Unfortunately it seems if they have access to NCF they are able to modify contents of the techniques in there.
The problem is that those changes take effect directly, and bypass the CR system.

This shouldn't be too hard to solve just modifying the type of input boxes and disabling visually the save + reset buttons.

Until then, it needs to be documented, along with advice on how to set up (or, rather, which permissions to not hand out) NCF.
NCF is no longer a beta component as far as I am aware and shouldn't just ignore rudder.

My suggestion is to properly introduce versioning on NCF techniques.

That way modification of an rule-contained NCF technique could be allowed but not have any effect on the live policy, forcing to switch it's version from within the Rudder side of things.
That would then need to pass through the CR process.

Not that I like it too much, but it would actually allow to create and prepare the objects in NCF and not get in the way until they are really affecting systems.

In any case, a warning needs to move in place.


Related issues

Related to Rudder - Bug #14312: Missing eventlogs for technique editor action and technique updateReleasedFrançois ARMANDActions
#1

Updated by François ARMAND almost 3 years ago

  • Severity changed from Major - prevents use of part of Rudder | no simple workaround to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility changed from Infrequent - complex configurations | third party integrations to Operational - other Techniques | Technique editor | Rudder settings
  • Effort required set to Large
  • Priority changed from 0 to 46
#2

Updated by Benoît PECCATTE over 2 years ago

  • Priority changed from 46 to 45
#3

Updated by Benoît PECCATTE over 2 years ago

  • Priority changed from 45 to 42
#4

Updated by François ARMAND about 1 year ago

  • Related to Bug #14312: Missing eventlogs for technique editor action and technique update added
#5

Updated by Alexis MOUSSET about 1 year ago

  • Subject changed from ncf ignores rudder's CR process. to Technique editor ignores Rudder's CR process
  • Priority changed from 42 to 0

Also available in: Atom PDF