Project

General

Profile

Actions

Bug #16386

closed

Technique edit authorizations don't allow technique editor use

Added by François ARMAND over 4 years ago. Updated about 4 years ago.

Status:
Released
Priority:
N/A
Category:
Web - Technique editor
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Very Small
Priority:
102
Name check:
To do
Fix check:
Checked
Regression:

Description

When the have the user authorization plugin, admin can access the technique editor, but not an user with rights:

  <user name="alice" password="xxx" role="user,deployment_read,deployment_write,directive_read,directive_edit,directive_write,technique_read,technique_edit,technique_write,configuration_read" />

Then, in the Menu the "Utilities" points to hostname/rudder/secure/utilities/techniqueEditor and I'm getting error 404.
If I go directly to /rudder/secure/configurationManager/techniqueEditor, it does work.

Moreover, with the less authorized user, creating a technique leads to error:

 I have a dead link if I'm logging in with "normal-user" 
in the Menu the "Utilities" points to hostname/rudder/secure/utilities/techniqueEditor and I'm getting error 404
the /rudder/secure/configurationManager/techniqueEditor does work.

But the technique is actually created or updated!

Actions

Also available in: Atom PDF