Bug #27211

open

Cannot remove all rights from a user who has a single role, from the User management GUI

Added by Michel BOUISSOU 23 days ago. Updated 9 days ago.

Status: Pending release
Priority: 2
Category: Security
Target version:
Severity: Minor - inconvenience | misleading | easy workaround
UX impact: I hate Rudder for that
User visibility: First impressions of Rudder
Effort required: Very Small
Priority: 157
Name check: To do
Fix check: To do
Regression: No

Description

When a user is initially created with the GUI, it is created with “no rights”.

As soon as the user has been given one role, it is not possible to remove the only role the user has, because:

- The system refuses to delete the only role attributed to the user;
- If one tries to add “no rights” again, it is removed when pressing [Save] as the user still has some other rights.
- It is impossible to remove the only rights the user has after having added “no rights” without having saved.

So it is possible to add a different role to a user, then remove the previous one, but it is not possible to remove all rights.

All that can be done is disable or remove the user.


Files

clipboard-202507171732-wyhfy.png (138 KB) Clark ANDRIANASOLO, 2025-07-17 17:32

Subtasks 2 (2 open, 0 closed)

  • Bug #27310: User management API permissions in responses are empty when not updating them (New, Clark ANDRIANASOLO)
  • Bug #27315: Upmerge of API tests on user permissions in 9.0 (Pending release, François ARMAND)

Actions #1

Updated by François ARMAND 17 days ago

  • Assignee set to Clark ANDRIANASOLO
  • Priority changed from To review to 2

Perhaps something changed in the validation of empty things or UI. But since we are still able to disable users, that doesn't seem very impactful.

Actions #2

Updated by Clark ANDRIANASOLO 10 days ago

  • Target version set to 8.2.9
  • Severity set to Minor - inconvenience | misleading | easy workaround
  • UX impact set to I hate Rudder for that
  • User visibility set to First impressions of Rudder
  • Effort required set to Very Small
  • Priority changed from 0 to 157
Actions #3

Updated by Clark ANDRIANASOLO 10 days ago

  • Status changed from New to In progress
Actions #4

Updated by Clark ANDRIANASOLO 10 days ago

The API has something wrong about its behavior, in the representation of "emptiness" of permissions to update vs. the intent to "reset" permissions:

It seems like passing "permissions":[] has the behavior of passing "permissions":null, which does not update permissions at all.

A "permissions":[] in the update payload should mean that the user has "no permissions", which should end up in the update of the users' permissions.
Then, in the current UI, when the list is empty a right no_right is displayed, but this should have no x because it cannot be removed.
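
The distinction described in note #4, as an added example that is not part of the ticket and not Rudder's code: an update handler that keeps "field absent or null" (no change) separate from "empty list" (reset to no permissions), next to a constructed handler that reproduces the reported conflation. The function names, the `NO_CHANGE` sentinel and the sample role `read_only` are assumptions made for illustration; the ticket does not say what caused the conflation in Rudder.

```python
import json

NO_CHANGE = object()  # sentinel: field absent or null, leave permissions as they are


def parse_permissions(payload: str):
    """Return NO_CHANGE for a missing/null field, otherwise a set (possibly empty)."""
    value = json.loads(payload).get("permissions")
    if value is None:
        return NO_CHANGE
    if not isinstance(value, list) or not all(isinstance(p, str) for p in value):
        raise ValueError("permissions must be a list of role names or null")
    return set(value)


def update_conflating(current: set, payload: str) -> set:
    """Behaviour reported in the ticket: [] is handled like null (constructed repro)."""
    value = json.loads(payload).get("permissions")
    if not value:  # truthiness test: None and [] both land here
        return set(current)
    return set(value)


def update_tristate(current: set, payload: str) -> set:
    """Expected behaviour: [] resets the user to no permissions."""
    requested = parse_permissions(payload)
    return set(current) if requested is NO_CHANGE else requested


def display_roles(permissions: set) -> list:
    """UI side: an empty set renders as the non-removable no_right placeholder."""
    return sorted(permissions) or ["no_right"]


if __name__ == "__main__":
    user = {"read_only"}  # constructed sample: a user holding a single role
    for body in ('{"permissions": null}', '{}', '{"permissions": []}'):
        print(body, update_conflating(user, body), update_tristate(user, body))
```

With the conflating handler a revocation request is silently ignored and the user keeps the role, which is why the empty-list case belongs in the API tests on user permissions.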

Actions #5

Updated by Clark ANDRIANASOLO 10 days ago

  • Status changed from In progress to Pending technical review
  • Pull Request set to https://github.com/Normation/rudder/pull/6525
Actions #6

Updated by Clark ANDRIANASOLO 9 days ago

  • Subtask #27310 added
Actions #7

Updated by Clark ANDRIANASOLO 9 days ago

  • Status changed from Pending technical review to Pending release
Actions #8

Updated by Clark ANDRIANASOLO 9 days ago

  • Subtask #27315 added