Actions
Bug #26952
open
User with only “Inventory” rights can access too much information
Pull Request:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
I hate Rudder for that
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
A ˘toto" user, created with only “Inventory” rights can access a lot more :
- System updates
- Nodes properties
- Node technical logs (that may show sensitive information)
Plus clicking on many tabs produce an error message :
Error Error when Getting node compliance, details: Unknown error
Even though some content gets displayed
Files
| User_toto_250522a.png (49.6 KB) User_toto_250522a.png | Toto only has inventory rights | ||
| User_inventory_access_250522a_updates.png (211 KB) User_inventory_access_250522a_updates.png | Toto can see system updates | ||
| User_inventory_access_250522b_properties.png (189 KB) User_inventory_access_250522b_properties.png | Toto can see nodes properties | ||
| User_inventory_access_250522c_tech_logs.png (263 KB) User_inventory_access_250522c_tech_logs.png | Toto can see technical logs | ||
| User_inventory_access_250522d_error.png (8.2 KB) User_inventory_access_250522d_error.png | Error message often displayed |
No data to display
Actions