Bug #25005
closed
node_all rights can't see node compliance with error: secure/api/compliance/nodes/{id}
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No
Description
When a user with only node_all rights tries to go to the node page, he can't see node compliance because of these errors:
2024-06-13 16:00:01+0200 ERROR api-processing - Authorization error for 'GET secure/api/compliance/nodes/458740d3-c4a9-4474-8485-478e7e52db52': User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}
2024-06-13 16:00:01+0200 ERROR com.normation.rudder.rest.RestUtils - "Authorization error: User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}"
2024-06-13 16:00:01+0200 ERROR api-processing - Authorization error for 'GET secure/api/compliance/nodes/458740d3-c4a9-4474-8485-478e7e52db52/system': User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}/system
2024-06-13 16:00:01+0200 ERROR com.normation.rudder.rest.RestUtils - "Authorization error: User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}/system"
This didn't use to be the case in 7.x, BUT it DOES match the right description: node is only about inventory info, compliance is about compliance info.
(https://docs.rudder.io/reference/8.1/plugins/user-management.html#_object_type)
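An added example, not part of the original report and not Rudder code: a small log audit that groups `api-processing` authorization denials by user and endpoint template, so an administrator can see which API areas a role is being refused. The line format is assumed from the four log lines quoted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the four log lines quoted in the report above.
SAMPLE_LOG = """\
2024-06-13 16:00:01+0200 ERROR api-processing - Authorization error for 'GET secure/api/compliance/nodes/458740d3-c4a9-4474-8485-478e7e52db52': User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}
2024-06-13 16:00:01+0200 ERROR com.normation.rudder.rest.RestUtils - "Authorization error: User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}"
2024-06-13 16:00:01+0200 ERROR api-processing - Authorization error for 'GET secure/api/compliance/nodes/458740d3-c4a9-4474-8485-478e7e52db52/system': User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}/system
2024-06-13 16:00:01+0200 ERROR com.normation.rudder.rest.RestUtils - "Authorization error: User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}/system"
"""

# Assumed format of an api-processing denial line (taken from the sample only).
DENIAL = re.compile(
    r"^(?P<ts>\S+ \S+) ERROR api-processing - Authorization error for "
    r"'(?P<method>[A-Z]+) (?P<path>[^']+)': User '(?P<user>[^']+)' "
    r"is not allowed to access (?P=method) (?P<template>\S+)$"
)

def summarize_denials(log_text):
    """Group denials by (user, method, endpoint template)."""
    summary = defaultdict(lambda: {"count": 0, "paths": set(), "first_seen": None})
    for line in log_text.splitlines():
        m = DENIAL.match(line.strip())
        if not m:
            continue  # RestUtils lines repeat the same event, so they are skipped
        entry = summary[(m["user"], m["method"], m["template"])]
        entry["count"] += 1
        entry["paths"].add(m["path"])  # concrete URLs, e.g. with the node id
        entry["first_seen"] = entry["first_seen"] or m["ts"]
    return dict(summary)

def denied_areas(summary):
    """Map each user to the API areas (path segment after secure/api/) refused."""
    areas = defaultdict(set)
    for (user, _method, template) in summary:
        parts = template.split("/")
        if parts[:2] == ["secure", "api"] and len(parts) > 2:
            areas[user].add(parts[2])
    return {user: sorted(found) for user, found in areas.items()}

if __name__ == "__main__":
    result = summarize_denials(SAMPLE_LOG)
    for (user, method, template), e in sorted(result.items()):
        print(f"{user}: {method} {template} x{e['count']} first={e['first_seen']}")
    print(denied_areas(result))
```
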
Updated by François ARMAND 6 months ago
- Related to Bug #24671: API authorization error: secure/api/compliance/nodes/{id}/system added
Updated by François ARMAND 6 months ago
- Related to Bug #25008: When node compliance right is missing, we don't want a red error pop-up added
Updated by François ARMAND 6 months ago
- Status changed from New to Rejected
So, that's the behavior we want - without the error pop-up, but something more clean - see #25008