RBAC not preventing a creation of subnet via creation of new network
Bug #1398845 reported by
Roey Dekel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
Medium
|
Timur Sufiev |
Bug Description
Changing "create_subnet" to "role:admin" in neutron_policy.json is not preventing from non-admin user the creation of a new subnet while creating new network (new network button)
Changed in horizon: | |
status: | New → Confirmed |
assignee: | nobody → Lin Hua Cheng (lin-hua-cheng) |
Changed in horizon: | |
assignee: | Lin Hua Cheng (lin-hua-cheng) → nobody |
Changed in horizon: | |
assignee: | nobody → Timur Sufiev (tsufiev-x) |
Changed in horizon: | |
assignee: | Timur Sufiev (tsufiev-x) → Lin Hua Cheng (lin-hua-cheng) |
Changed in horizon: | |
assignee: | Lin Hua Cheng (lin-hua-cheng) → Timur Sufiev (tsufiev-x) |
Changed in horizon: | |
milestone: | none → newton-2 |
To post a comment you must log in.
If the following policy rule is changed to 'context_is_admin' at Neutron side, then the subnet creation fails. Horizon should behave consistently regarding the Neutron policies - i.e., shouldn't allow to specify subnet details in case it is not allowed to create subnet.