Bug #26847: A user that has only the "deployer_read" right does not have access to the settings API - Rudder - Issue Tracker

Actions

Copy link

Bug #26847

open

Change validation - Architecture #26788: Rewrite WorkflowInformation navigation bar in Elm

A user that has only the "deployer_read" right does not have access to the settings API

Added by Véronique HAYAERT 6 days ago. Updated about 14 hours ago.

Status:

Pending release

Priority:

N/A

Assignee:

Véronique HAYAERT

Category:

API

Target version:

8.3.1

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

Major - prevents use of part of Rudder | no simple workaround

UX impact:

User visibility:

Effort required:

Priority:

Name check:

To do

Fix check:

Checked

Regression:

Description


$ curl --header "X-Requested-With: XMLHttpRequest" --header "Cookie: JSESSIONID= $(cat myCookie)" --request GET http://localhost:8080/rudder/secure/api/settings/enable_change_request | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   172  100   172    0     0  31210      0 --:--:-- --:--:-- --:--:-- 34400
{
  "action": "getSetting",
  "result": "error",
  "errorDetails": "Authorization error: User 'deployer_read_user' is not allowed to access GET secure/api/settings/{key}" 
}

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #26847

A user that has only the "deployer_read" right does not have access to the settings API

Updated by Véronique HAYAERT 6 days ago

Updated by Véronique HAYAERT 6 days ago

Updated by Véronique HAYAERT 6 days ago

Updated by Clark ANDRIANASOLO about 14 hours ago