Only ceator of secret and container should be able to define and manage ACL.
Bug #1450849 reported by
Arun Kant
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Barbican |
Fix Released
|
Critical
|
Arun Kant | ||
Bug Description
Currently ACL operation can be managed by any project user who has barbican role (admin or creator) in the project where secret/ container is created.
This could be an issue in private secret or container case as another project user either can mark it un-private or add his user id in ACL list. This limits the effectiveness of ACL.
So check should be added to make sure that the user who created the secret or container, can only create and manage ACL on that secret/ container.
Also allow user with 'admin' role in project to define and manage ACLs.
| description: | updated |
| description: | updated |
| Changed in barbican: | |
| assignee: | nobody → Arun Kant (arunkant-uws) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to barbican (master) | #1 |
| Changed in barbican: | |
| status: | New → In Progress |
| Changed in barbican: | |
| status: | In Progress → Fix Committed |
| Changed in barbican: | |
| milestone: | none → liberty-2 |
| status: | Fix Committed → Fix Released |
| Changed in barbican: | |
| importance: | Undecided → Critical |
| Changed in barbican: | |
| milestone: | liberty-2 → 1.0.0 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/