[multi-user] Unclear on what model abilities should be allowed for a non-admin
Bug #1808662 reported by
Peter Matulis
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical Juju |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
This bug is more of a question. I'm not sure whether the behaviour I'm seeing is intended or not.
My understanding is that a user requires 'admin' permissions to a model in order to both list users who have access to the model as well as get information out of the `show-model` command.
As it turns out, I observe that a user with just 'write' access is able to list the model's users. As for `show-model`, such a user also gets output but not the full output that a controller admin sees.
User output: https:/
Admin output: https:/
Is this all as intended?
Revision history for this message
| Richard Harding (rharding) wrote | #1 |
| Changed in juju: | |
| status: | New → Won't Fix |
To post a comment you must log in.
Yes, if you have write access to a model you're a participant. If you hit an issue you cannot solve it's reasonable for you to be able to list users to see who else you can reach out to for assistance (e.g. you can't destroy the model but it needs to go).
It's also intended that write access users don't get everything a true admin gets as the intent is that someone can help work on the model but not act maliciously towards it. Marking won't fix, but let me know if I've misunderstood your concerns.