ContrailSecurity: global scope objects are not accessible by _member_ users
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R4.1 |
Invalid
|
High
|
Senthilnathan Murugappan | |||
Trunk |
Invalid
|
High
|
Senthilnathan Murugappan |
Bug Description
global scope objects (fwp, fwr, tags etal) are not accessible by non-admin users since the ownership of those objects is set to cloud-admin and the global_access flag is set 0
It should be set to 5 for other tenants to access the global objects.
"fq_name": [
],
"href": "http://
"id_perms": {
},
"uuid": {
}
},
"name": "test-fwp",
"perms2": {
{
}
]
},
"uuid": "0a38707b-
}
tags: | added: releasenote |
On the same note the default- policy- management object also needs to have global_access set to 5 else _member_ user is not able to access global objects from UI (since UI does /firewall- policys? detail= true&fields= application_ policy_ set_back_ refs&parent_ fq_name_ str=default- policy- management& parent_ type=policy- management) .