Actions
Bug #16386
closed
Technique edit authorizations don't allow technique editor use
Status:
Released
Priority:
N/A
Assignee:
Category:
Web - Technique editor
Target version:
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Very Small
Priority:
102
Name check:
To do
Fix check:
Checked
Regression:
Description
When the have the user authorization plugin, admin can access the technique editor, but not an user with rights:
<user name="alice" password="xxx" role="user,deployment_read,deployment_write,directive_read,directive_edit,directive_write,technique_read,technique_edit,technique_write,configuration_read" />
Then, in the Menu the "Utilities" points to hostname/rudder/secure/utilities/techniqueEditor and I'm getting error 404.
If I go directly to /rudder/secure/configurationManager/techniqueEditor, it does work.
Moreover, with the less authorized user, creating a technique leads to error:
I have a dead link if I'm logging in with "normal-user" in the Menu the "Utilities" points to hostname/rudder/secure/utilities/techniqueEditor and I'm getting error 404 the /rudder/secure/configurationManager/techniqueEditor does work.
But the technique is actually created or updated!
Updated by 
Updated by
Actions