Actions
Bug #26952
closed
User with only “Inventory” rights has a notification error when changing tab
Status:
Released
Priority:
1 (highest)
Assignee:
Category:
Web - UI & UX
Target version:
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
I hate Rudder for that
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No
Description
A ˘toto" user, created with only “Inventory” rights can access a lot more :
- System updates
- Nodes properties
- Node technical logs (that may show sensitive information)
Plus clicking on many tabs produce an error message :
Error Error when Getting node compliance, details: Unknown error
Even though some content gets displayed
Files
| User_toto_250522a.png (49.6 KB) User_toto_250522a.png | Toto only has inventory rights | ||
| User_inventory_access_250522a_updates.png (211 KB) User_inventory_access_250522a_updates.png | Toto can see system updates | ||
| User_inventory_access_250522b_properties.png (189 KB) User_inventory_access_250522b_properties.png | Toto can see nodes properties | ||
| User_inventory_access_250522c_tech_logs.png (263 KB) User_inventory_access_250522c_tech_logs.png | Toto can see technical logs | ||
| User_inventory_access_250522d_error.png (8.2 KB) User_inventory_access_250522d_error.png | Error message often displayed | ||
| clipboard-202506051548-ddp9w.png (96 KB) clipboard-202506051548-ddp9w.png | |||
| clipboard-202506051548-7hy8k.png (96 KB) clipboard-202506051548-7hy8k.png |
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Actions