-
Bug
-
Resolution: Done
-
Undefined
-
None
-
1.5.0
-
None
-
False
-
-
False
-
-
-
Important
Description of the problem:
I've created an rbac role utilizing workflowAdminView similar to this example and it seems to make no difference compared to various other lesser roles. From what I can tell other lesser roles should be limited from seeing the workflow definition / variables screen, but they still can.
Versions:
- https://github.com/rhdhorchestrator/orchestrator-plugins-internal-release/releases/download/v1.5.0-rc.2/backstage-plugin-orchestrator-backend-dynamic-1.5.0-rc.2.tgz
- https://github.com/rhdhorchestrator/orchestrator-plugins-internal-release/releases/download/v1.5.0-rc.2/backstage-plugin-orchestrator-1.5.0-rc.2.tgz
- -Operator: Orchestrator Operator v1.5.0-2025-04-03
How reproducible: 100%
Steps to reproduce:
1. Deploy orchestrator 1.5 with rbac enabled
2. Use policy.yaml file for rbac authorization configuration
3. Create the following
# admin role and user
p, role:default/workflowAdmin, orchestrator.workflow, read, allow
p, role:default/workflowAdmin, orchestrator.workflow.use, update, allow
p, role:default/workflowAdmin, orchestrator.workflowAdminView, read, allow
g, user:default/test-admin-user, role:default/workflowAdmin
# regular role and user
p, role:default/workflowReadwrite, orchestrator.workflow, read, allow
p, role:default/workflowReadwrite, orchestrator.workflow.use, update, allow
g, user:default/test-regular-user, role:default/workflowReadwrite
4. Run work flow and view results / variables / workflow definition and compare between users
Actual results:
Both users can view everything exactly the same
Expected results:
There is some difference between what the users can view
- relates to
-
FLPATH-1922 RBAC UI enhancements
-
- Closed
-
