Security Issue: Users with an admin role are able to list and manipulate apps belonging to other tenants.

Bug #1454838 reported by Murali Allada
Affects | Status | Importance | Assigned to | Milestone
Solum | Fix Released | Undecided | Murali Allada |

Bug Description

Users with an admin role are able to list and manipulate apps belonging to other tenants.

Users, even admins, should be allowed access to apps that belong to the same tenant as the user.

We need to introduce a global admin for use by customer service, devops and devs for troubleshooting end user apps. This follows Heat's model of using a single tenant created specifically for accessing apps belonging to all tenants.
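
The tenant-scoping rule described in the report, sketched as an added example; it is not Solum's code and not part of the original report. Every name in it (`RequestContext`, `GLOBAL_ADMIN_TENANT_ID`, the sample tenants and users) is hypothetical, and the "before" check is an assumed reading of the behaviour the report describes.

```python
from dataclasses import dataclass

# Hypothetical deployment setting: the single tenant whose members may reach
# every tenant's apps (the "global admin" tenant the report proposes).
GLOBAL_ADMIN_TENANT_ID = "tenant-support"  # constructed value

@dataclass(frozen=True)
class RequestContext:
    user: str
    tenant_id: str
    roles: frozenset

@dataclass(frozen=True)
class App:
    name: str
    tenant_id: str

def can_access_before(ctx, app):
    """Reported behaviour: holding an admin role skips the tenant check."""
    return "admin" in ctx.roles or ctx.tenant_id == app.tenant_id

def is_global_admin(ctx):
    """Global admin means membership of the dedicated tenant, not a role.
    An unset (empty) setting never matches, so it cannot open access."""
    return bool(GLOBAL_ADMIN_TENANT_ID) and ctx.tenant_id == GLOBAL_ADMIN_TENANT_ID

def can_access_after(ctx, app):
    """Tenant match is required for everyone, tenant admins included,
    unless the caller belongs to the global admin tenant."""
    return is_global_admin(ctx) or ctx.tenant_id == app.tenant_id

def list_apps(ctx, apps, check):
    """Names of the apps that `check` lets this caller see."""
    return [a.name for a in apps if check(ctx, a)]

# Constructed sample data.
APPS = [App("shop", "tenant-a"), App("blog", "tenant-b")]
ADMIN_A = RequestContext("alice", "tenant-a", frozenset({"admin"}))
USER_B = RequestContext("bob", "tenant-b", frozenset({"member"}))
SUPPORT = RequestContext("carol", "tenant-support", frozenset({"member"}))

if __name__ == "__main__":
    for ctx in (ADMIN_A, USER_B, SUPPORT):
        before = list_apps(ctx, APPS, can_access_before)
        after = list_apps(ctx, APPS, can_access_after)
        print(f"{ctx.user}: before={before} after={after}")
```

A regression test for this class of bug asserts the negative case: a tenant admin listing apps must never receive another tenant's rows.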

OpenStack Infra (hudson-openstack) wrote: Fix proposed to solum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/182834

Changed in solum:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote: Fix merged to solum (master)

Reviewed: https://review.openstack.org/182834
Committed: https://git.openstack.org/cgit/stackforge/solum/commit/?id=3c4beeeb34dfc2ec0588659a5480abb47223d5fe
Submitter: Jenkins
Branch: master

commit 3c4beeeb34dfc2ec0588659a5480abb47223d5fe
Author: Murali Allada <email address hidden>
Date: Wed May 13 15:39:55 2015 -0500

    Admin users are able to access apps belonging to other tenants.

    Users with an admin role (within a tenant) are able to list and
    manipulate apps belonging to other tenants.

    Users should be allowed access to apps that belong to the same
    tenant as the user.

    We need to introduce a global admin for use by customer service,
    devops and devs for troubleshooting end user apps. This follows
    Heat's model of using a single tenant created specifically for
    accessing apps belonging to all tenants.

    Change-Id: I3524f47d051dd60fe3440b17f1574811f4cd1c65
    Closes-bug: 1454838

Changed in solum:
status: In Progress → Fix Committed
Adrian Otto (aotto)
Changed in solum:
status: Fix Committed → Fix Released
This report contains Public information  
Everyone can see this information.