Pod compose view allows selecting any visible resource pool
Bug #1811658 reported by
Björn Tillenius
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MAAS |
Triaged
|
Medium
|
Unassigned | ||
| 3.4 |
Won't Fix
|
Medium
|
Unassigned | ||
Bug Description
This is with MAAS 2.5.1-7489-
I have a MAAS deployment with a virsh Pod registered. I have a user which has
Admin on the resource pool the pod belongs to, and the User role on another pool.
If I go and compose a new machine in the pod, I can select the resource pool
where the user only has the User role.
This shouldn't be possible, since it's effectively moving a machine from one
pool to the other, and Users don't have permission to do so.
| tags: | added: rbac |
| Changed in maas: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| milestone: | none → 2.5.1 |
| Changed in maas: | |
| milestone: | 2.5.1 → 2.5.2 |
| Changed in maas: | |
| milestone: | 2.5.2 → 2.5.3 |
| Changed in maas: | |
| milestone: | 2.5.3 → 2.6.0beta2 |
| Changed in maas: | |
| milestone: | 2.6.0beta2 → 2.6.0rc1 |
| Changed in maas: | |
| milestone: | 2.6.0rc1 → 2.6.0rc2 |
| Changed in maas: | |
| milestone: | 2.6.0rc2 → 2.7.0alpha1 |
| Changed in maas: | |
| milestone: | 2.7.0b1 → 2.7.0b2 |
| Changed in maas: | |
| milestone: | 2.7.0b2 → none |
| summary: |
- [2.5, RBAC] Pod compose view allows selecting any visible resource pool + Pod compose view allows selecting any visible resource pool |
Revision history for this message
| Jerzy Husakowski (jhusakowski) wrote | #1 |
| Changed in maas: | |
| importance: | High → Medium |
| milestone: | none → 3.4.0 |
| Changed in maas: | |
| milestone: | 3.4.0 → 3.4.x |
| Changed in maas: | |
| milestone: | 3.4.x → 3.5.x |
To post a comment you must log in.
Needs to be addressed together with other RBAC issues, by introducing a layer that handles permissions consistently.