-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
Quality / Stability / Reliability
-
False
-
-
False
-
None
-
-
None
Description of problem:
On UserDefinedNetwork page the option for creating ClusterUserDefinedNetwork object is available for non-admin users. Although non-admin user cannot create an object due to missing permissions. And the same goes for NetworkAttachmentDefintions. A non admin users can tinker with the project selector eventually be exposed to namespaces that are not visible to them and they should not have permissions to. One example is the "openshift-virtualiztion-os-images" namespace being exposed w/o additional effort from the users. See attached screenshot. The ClusterUserDefinedNetwork API is for admin users only, the creation option should be grayed out in the first place. One might think they can create CUDN object, after filling the required values they will see it fail due to lack of permissions, which is annoying.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Login as non-admin user 2. Go to UserDefinedNetwork page 3. Click on Create 4. Select ClusterUserDefinedNetwork 5. Fill required values, and click Create
Actual results:
ClusterUserDefinedNetwork creation page is available for non admin users. Non admin user can tinker with the project selector and be exposed to namespaces that should not be visible and they have no permissions to. CUDN creation fail with an error due to missing permissions at much later time, after filling required fields and clicking Create.
Expected results:
ClusterUserDefinedNetwork creation option to be grayed-out, and not be visible to non-admin users.
Additional info:
