Project

General

Profile

Actions

Bug #8790

closed

A read only account should not have access to API tokens

Added by Alexis Mousset over 8 years ago. Updated over 7 years ago.

Status:
Released
Priority:
N/A
Category:
Web - Config management
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
52
Name check:
Fix check:
Regression:

Description

At least until we heave read-only tokens.

A read_only user can read current tokens and modify them, and gets a full write access to the configuration.


Related issues 1 (0 open1 closed)

Related to Rudder - Bug #8774: Read only access to Administration allow to change some parametersReleasedVincent MEMBRÉActions
Actions #1

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.23 to 2.11.24
Actions #2

Updated by Alexis Mousset over 8 years ago

  • Category set to Web - Config management
Actions #3

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 2.11.24 to 308
Actions #4

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 308 to 3.1.14
Actions #5

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.1.14 to 3.1.15
Actions #6

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.1.15 to 3.1.16
Actions #7

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.1.16 to 3.1.17
Actions #8

Updated by Vincent MEMBRÉ almost 8 years ago

  • Target version changed from 3.1.17 to 3.1.18
Actions #9

Updated by Vincent MEMBRÉ almost 8 years ago

  • Target version changed from 3.1.18 to 3.1.19
Actions #10

Updated by Benoît PECCATTE over 7 years ago

  • Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
Actions #12

Updated by Benoît PECCATTE over 7 years ago

  • Priority set to 54
Actions #13

Updated by Benoît PECCATTE over 7 years ago

  • Priority changed from 54 to 53
Actions #14

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.19 to 3.1.20
Actions #15

Updated by Nicolas CHARLES over 7 years ago

  • Assignee set to Nicolas CHARLES
Actions #16

Updated by Nicolas CHARLES over 7 years ago

  • Status changed from New to In progress
Actions #17

Updated by Nicolas CHARLES over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/1640
Actions #18

Updated by Nicolas CHARLES over 7 years ago

  • Status changed from Pending technical review to Pending release
Actions #19

Updated by Vincent MEMBRÉ over 7 years ago

  • Parent task deleted (#8774)
  • Priority changed from 53 to 52
Actions #20

Updated by Vincent MEMBRÉ over 7 years ago

  • Related to Bug #8774: Read only access to Administration allow to change some parameters added
Actions #21

Updated by Vincent MEMBRÉ over 7 years ago

  • Private changed from Yes to No
Actions #22

Updated by Vincent MEMBRÉ over 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.20, 4.0.5 and 4.1.2 which were released today.

Actions

Also available in: Atom PDF