Bug #8790

closed

A read only account should not have access to API tokens

Added by Alexis Mousset over 7 years ago. Updated almost 7 years ago.

Status: Released
Priority: N/A
Category: Web - Config management
Target version:
Severity: Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility: Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority: 52
Name check:
Fix check:
Regression:

Description

At least until we have read-only tokens.

A read_only user can read current tokens and modify them, and gets full write access to the configuration.


Related issues 1 (0 open, 1 closed)

Related to Rudder - Bug #8774: Read only access to Administration allow to change some parameters (Released, Vincent MEMBRÉ)
Actions #1

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 2.11.23 to 2.11.24
Actions #2

Updated by Alexis Mousset over 7 years ago

  • Category set to Web - Config management
Actions #3

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 2.11.24 to 308
Actions #4

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 308 to 3.1.14
Actions #5

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.14 to 3.1.15
Actions #6

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.15 to 3.1.16
Actions #7

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.16 to 3.1.17
Actions #8

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.17 to 3.1.18
Actions #9

Updated by Vincent MEMBRÉ about 7 years ago

  • Target version changed from 3.1.18 to 3.1.19
Actions #10

Updated by Benoît PECCATTE about 7 years ago

  • Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
Actions #12

Updated by Benoît PECCATTE about 7 years ago

  • Priority set to 54
Actions #13

Updated by Benoît PECCATTE about 7 years ago

  • Priority changed from 54 to 53
Actions #14

Updated by Vincent MEMBRÉ about 7 years ago

  • Target version changed from 3.1.19 to 3.1.20
Actions #15

Updated by Nicolas CHARLES almost 7 years ago

  • Assignee set to Nicolas CHARLES
Actions #16

Updated by Nicolas CHARLES almost 7 years ago

  • Status changed from New to In progress
Actions #17

Updated by Nicolas CHARLES almost 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/1640
Actions #18

Updated by Nicolas CHARLES almost 7 years ago

  • Status changed from Pending technical review to Pending release
Actions #19

Updated by Vincent MEMBRÉ almost 7 years ago

  • Parent task deleted (#8774)
  • Priority changed from 53 to 52
Actions #20

Updated by Vincent MEMBRÉ almost 7 years ago

  • Related to Bug #8774: Read only access to Administration allow to change some parameters added
Actions #21

Updated by Vincent MEMBRÉ almost 7 years ago

  • Private changed from Yes to No
Actions #22

Updated by Vincent MEMBRÉ almost 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.20, 4.0.5 and 4.1.2 which were released today.
