Project

General

Profile

Actions
Copy link

Bug #8790

closed

A read only account should not have access to API tokens

Added by Alexis Mousset over 8 years ago. Updated over 7 years ago.

Status:
Released
Priority:
N/A
Assignee:
François ARMAND
Category:
Web - Config management
Target version:
3.1.20
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
52
Name check:
Fix check:
Regression:

Description

At least until we heave read-only tokens.

A read_only user can read current tokens and modify them, and gets a full write access to the configuration.

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #8774: Read only access to Administration allow to change some parametersReleasedVincent MEMBRÉActions
Actions
Copy link

Also available in: Atom PDF