Bug #26602
closed
User with "compliance" perm get error on group, directive pages
Description
When using a user with the "compliance" permission and only that one, when we get on a group detail, we have two errors regarding server error.
The same kind of error happens on directives, rules and nodes (see screenshots).
=> only the compliance tab of nodes, rules, directives, groups should be accessible for a user with only compliance perm.
Plus, that permission profile has access to techniques and global properties: it should not.
Seen in 8.3, but the behavior is likely also incorrect in 8.2.
It also happens on the node details and the rules page.
Updated by Nicolas CHARLES 25 days ago
- File clipboard-202503241424-ml8rx.png added
- Description updated (diff)
Updated by Nicolas CHARLES 25 days ago
- File clipboard-202503241425-irwu9.png added
- Description updated (diff)
Updated by Nicolas CHARLES 25 days ago
The log says:
2025-03-24 13:26:24+0000 INFO api-processing.response-error - "Authorization error: User 'dev' is not allowed to access GET secure/api/user/api/token/status"
2025-03-24 13:26:26+0000 WARN api-processing - User 'dev' is not authorized to access API 'writeFileResource
2025-03-24 13:26:26+0000 INFO api-processing.response-error - "User 'dev' is not authorized to access API 'writeFileResource"
2025-03-24 13:26:26+0000 WARN api-processing - Authorization error for 'GET secure/api/user/api/token/status': User 'dev' is not allowed to access GET secure/api/user/api/token/status
2025-03-24 13:26:26+0000 INFO api-processing.response-error - "Authorization error: User 'dev' is not allowed to access GET secure/api/user/api/token/status"
2025-03-24 13:26:30+0000 WARN api-processing - Authorization error for 'GET secure/api/settings/global_policy_mode': User 'dev' is not allowed to access GET secure/api/settings/{key}
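The log excerpt above, reduced to a per-user list of denied API targets so that each one can be checked against what a compliance-only role is meant to reach. This is an added example, not part of the ticket or of Rudder's code; `denied_targets` is a hypothetical helper name, and the regular expressions assume only the two message shapes visible in the excerpt.

```python
import re
from collections import defaultdict

# Log lines copied from the excerpt quoted in this ticket.
SAMPLE_LOG = """\
2025-03-24 13:26:24+0000 INFO api-processing.response-error - "Authorization error: User 'dev' is not allowed to access GET secure/api/user/api/token/status"
2025-03-24 13:26:26+0000 WARN api-processing - User 'dev' is not authorized to access API 'writeFileResource
2025-03-24 13:26:26+0000 INFO api-processing.response-error - "User 'dev' is not authorized to access API 'writeFileResource"
2025-03-24 13:26:26+0000 WARN api-processing - Authorization error for 'GET secure/api/user/api/token/status': User 'dev' is not allowed to access GET secure/api/user/api/token/status
2025-03-24 13:26:26+0000 INFO api-processing.response-error - "Authorization error: User 'dev' is not allowed to access GET secure/api/user/api/token/status"
2025-03-24 13:26:30+0000 WARN api-processing - Authorization error for 'GET secure/api/settings/global_policy_mode': User 'dev' is not allowed to access GET secure/api/settings/{key}
"""

# Denial by HTTP endpoint: "User 'u' is not allowed to access GET <path>"
BY_ENDPOINT = re.compile(
    r"User '(?P<user>[^']+)' is not allowed to access (?P<target>[A-Z]+ [^\s\"]+)")
# Denial by internal API name: "User 'u' is not authorized to access API '<name>"
BY_API_NAME = re.compile(
    r"User '(?P<user>[^']+)' is not authorized to access API '(?P<target>\w+)")
# Concrete request, present only on some WARN lines.
REQUEST = re.compile(r"Authorization error for '(?P<request>[^']+)'")


def denied_targets(log_text):
    """Map each user to the distinct API targets they were denied.

    Each target maps to the set of concrete requests that triggered it, which
    matters for templated endpoints such as secure/api/settings/{key}.
    """
    result = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        if "api-processing" not in line:
            continue  # keep only the API authorization logger
        match = BY_ENDPOINT.search(line) or BY_API_NAME.search(line)
        if not match:
            continue
        requests = result[match["user"]][match["target"]]
        request = REQUEST.search(line)
        if request:
            requests.add(request["request"])
    return {user: dict(targets) for user, targets in result.items()}


if __name__ == "__main__":
    for user, targets in denied_targets(SAMPLE_LOG).items():
        for target, requests in sorted(targets.items()):
            print(user, target, sorted(requests))
```

Grouping by the templated target rather than the raw path keeps one entry per authorization rule, which is the unit to compare against the role definition.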
Updated by François ARMAND 25 days ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND 25 days ago
- Subject changed from Error when Getting Policy Mode, details: The server had a problem, try again later to User with "compliance" perm get error on group, directive pages
- Description updated (diff)
- Priority changed from N/A to 1 (highest)
- Target version changed from 8.3.0~rc1 to 8.2.6
Updated by François ARMAND 25 days ago
- Status changed from In progress to New
- Assignee changed from François ARMAND to Clark ANDRIANASOLO
Updated by François ARMAND 22 days ago
- Priority changed from 1 (highest) to N/A
- Target version changed from 8.2.6 to 8.3.0~rc1
Updated by Clark ANDRIANASOLO 22 days ago
- File clipboard-202503271530-ojrig.png added
- File clipboard-202503271530-ec7z7.png added
- in 8.3 the bug is that the rights for the policy mode endpoints have changed (in #24872)
- there is another bug: the Administration menu is present and redirects to a 404 page, whereas in 8.2 it has a sub-menu for the "Techniques tree"
In 8.2, we will need to decide if we need to remove the access to the global properties and techniques + the techniques tree; it does not seem to be trivial on 8.3 directly since we have new tab and menu structures.
Updated by Clark ANDRIANASOLO 22 days ago
- Related to Architecture #24872: Rework api authorization models added
Updated by Clark ANDRIANASOLO 22 days ago
- Status changed from New to In progress
Updated by Clark ANDRIANASOLO 22 days ago
- Status changed from In progress to Pending technical review
- Assignee changed from Clark ANDRIANASOLO to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/6291
Updated by Clark ANDRIANASOLO 22 days ago
- Related to Bug #26642: Compliance right should not give access to techniques and global parameters added
Updated by Clark ANDRIANASOLO 22 days ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|ebcff5a064f6b9ee80e9b3621edd9c02b65390a5.
Updated by Vincent MEMBRÉ 8 days ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.3.0~rc1 which was released today.