Project

General

Profile

Actions

Bug #25005

closed

node_all rights can't see node compliance with error: secure/api/compliance/nodes/{id}

Added by François ARMAND 6 months ago. Updated 6 months ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
API
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

When an user with only node_all rights try to go to the node page, he can't see node compliance because of these erroes:

2024-06-13 16:00:01+0200 ERROR api-processing - Authorization error for 'GET secure/api/compliance/nodes/458740d3-c4a9-4474-8485-478e7e52db52': User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}
2024-06-13 16:00:01+0200 ERROR com.normation.rudder.rest.RestUtils - "Authorization error: User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}" 
2024-06-13 16:00:01+0200 ERROR api-processing - Authorization error for 'GET secure/api/compliance/nodes/458740d3-c4a9-4474-8485-478e7e52db52/system': User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}/system
2024-06-13 16:00:01+0200 ERROR com.normation.rudder.rest.RestUtils - "Authorization error: User 'node_all' is not allowed to access GET secure/api/compliance/nodes/{id}/system" 

This didn't used to be the case in 7.x, BUT it DOES match right description: node is only about inventory info, compliance is about compliance info.
(https://docs.rudder.io/reference/8.1/plugins/user-management.html#_object_type)


Files

clipboard-202406131610-jxsqt.png (84.2 KB) clipboard-202406131610-jxsqt.png François ARMAND, 2024-06-13 16:10

Related issues 2 (0 open2 closed)

Related to Rudder - Bug #24671: API authorization error: secure/api/compliance/nodes/{id}/systemReleasedVincent MEMBRÉActions
Related to Rudder - Bug #25008: When node compliance right is missing, we don't want a red error pop-upReleasedClark ANDRIANASOLOActions
Actions #1

Updated by François ARMAND 6 months ago

  • Related to Bug #24671: API authorization error: secure/api/compliance/nodes/{id}/system added
Actions #2

Updated by François ARMAND 6 months ago

  • Related to Bug #25008: When node compliance right is missing, we don't want a red error pop-up added
Actions #3

Updated by François ARMAND 6 months ago

  • Status changed from New to Rejected

So, that's the behavior we want - without the error pop-up, but something more clean - see #25008

Actions

Also available in: Atom PDF