Bug #27211: Cannot remove all rights from a user who has a single role, from the User management GUI - Rudder - Issue Tracker

Actions

Copy link

Bug #27211

open

Cannot remove all rights from a user who has a single role, from the User management GUI

Added by Michel BOUISSOU 2 months ago. Updated 4 days ago.

Status:

Pending release

Priority:

Assignee:

Clark ANDRIANASOLO

Category:

Security

Target version:

8.2.9

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

Minor - inconvenience | misleading | easy workaround

UX impact:

I hate Rudder for that

User visibility:

First impressions of Rudder

Effort required:

Very Small

Priority:

155

Name check:

To do

Fix check:

Checked

Regression:

Description

When a user is initially created with the GUI, it is created with “no rights”.

As soon as the user has been given one role, it is not possible to remove the only role the user has, because :

- The system refuses to delete the only role attributed to the user ;
- If one tries to add “no rights” again, it is removed when pressing [Save] as the user still has some other rights.
- It is impossible to remove the only rights the user have after having added “no rights” without having saved.

So it is possible to add a different role to a user, then remove the previous one, but it is not possible to remove all rights.

All that can be done is disable or remove the user.

Files

clipboard-202507171732-wyhfy.png (138 KB) clipboard-202507171732-wyhfy.png

Clark ANDRIANASOLO, 2025-07-17 17:32

Subtasks 3 (2 open — 1 closed)

Related issues 1 (1 open — 0 closed)

Actions

Copy link

Updated by François ARMAND 2 months ago

Assignee set to Clark ANDRIANASOLO
Priority changed from To review to 2

Perhaps something changed in the validation of empty things or UI. But since we are still able to disable users, that doesn't seems very impactful.

Actions

Copy link

Updated by Clark ANDRIANASOLO about 2 months ago

Target version set to 8.2.9
Severity set to Minor - inconvenience | misleading | easy workaround
UX impact set to I hate Rudder for that
User visibility set to First impressions of Rudder
Effort required set to Very Small
Priority changed from 0 to 157

Actions

Copy link

Updated by Clark ANDRIANASOLO about 2 months ago

Status changed from New to In progress

Actions

Copy link

Updated by Clark ANDRIANASOLO about 2 months ago

File clipboard-202507171732-wyhfy.png clipboard-202507171732-wyhfy.png added

The API has something wrong about its behavior, in the representation of "emptiness" of permissions to update VS the intent to "reset" permissions :

it seems like passing "permissions":[] has the behavior of passing "permissions":null which does not update permissions at all.

A "permissions":[] in the update payload should mean that the user has "no permissions", which should end up in the update of the users' permissions.
Then, in the current UI, when the list is empty a right no_right is displayed, but this should have no x because it cannot be removed

Actions

Copy link