Bug #8790

closed

A read only account should not have access to API tokens

Added by Alexis Mousset over 8 years ago. Updated over 7 years ago.

Status: Released
Priority: N/A
Category: Web - Config management
Target version:
Severity: Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility: Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority: 52
Name check:
Fix check:
Regression:

Description

At least until we have read-only tokens.

A read_only user can read current tokens and modify them, and gets full write access to the configuration.


Related issues: 1 (0 open, 1 closed)

Related to Rudder - Bug #8774: Read only access to Administration allow to change some parameters (Released, Vincent MEMBRÉ)