Default policy does not allow secrets to be deleted by non-admin creator
Bug #1475962 reported by Michael Durrant
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Barbican | Invalid | Undecided | Unassigned | |
Bug Description
Currently - "secret:delete": "rule:admin and rule:secret_
What I believe it should be - "secret:delete": "rule:admin_
Please let me know if this was intentional or if I'm missing something.
Thanks,
Michael
This is absolutely intentional. Secrets are precious. They could be a decryption key for terabytes of irreplaceable data. To prevent the chance for accidental loss, the default policy for delete is admin only.