Uploaded image for project: 'Automation Hub'
  1. Automation Hub
  2. AAH-205

Improve RBAC troubleshooting (add debug level logging about acccess_policy)

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Obsolete
    • Icon: Normal Normal
    • None
    • None
    • None
    • None
    • False
    • False
    • None
    • Undefined

      When the access_policy permissions fail, they don't provide a ton of info about why.

       

      For the most part, it's just a permission_denied error exposed to the user.

       

      And no explanatory info is logged server side.

       

      Since the access_policy permissions are a somewhat complex set of rules and conditions already and likely to get more complex, it would be useful to have more info about the permissions checks presented. 

       

      For server side, this likely means additional (debug) logging.

       

      For client/user, the errors returned could possibly provide some more context.

      For example, which AccessPolicy failed, which set of statements / deployment mode, etc.

          1.
          		 Provide additional access_policy context to permission errors Sub-task Closed Normal Unassigned

              Unassigned Unassigned
              rh-ee-alikins Adrian Likins (Inactive)
              Archiver:
              ranumula@redhat.com Raju Anumula

                Created:
                Updated:
                Resolved:
                Archived: