Bug
Resolution: Done
1.6
Moderate
Description of the problem:
A user associated with the RBAC policy orchestrator.instancesAdminView is unable to view all workflow instances (including instances initiated by other users).
Example policy yaml:
```
p, role:default/workflowUser, orchestrator.workflow.greeting, read, allow
p, role:default/workflowUser, orchestrator.workflow.use.greeting, update, allow
p, role:default/workflowAdmin, orchestrator.workflow, read, allow
p, role:default/workflowAdmin, orchestrator.workflow.use, update, allow
p, role:default/workflowAdmin, orchestrator.workflowAdminView, read, allow
p, role:default/workflowAdmin, orchestrator.instancesAdminView, read, allow
g, user:default/rhdh-orchestrator-test-18, role:default/workflowUser
g, user:default/rhdh-orchestrator-test-19, role:default/workflowUser
g, user:default/rhdh-orchestrator-test-20, role:default/workflowAdmin
```
I expect if I were to log in as the rhdh-orchestrator-test-20 user I would be able to see all instances, including those initiated by other users.
depends on: FLPATH-1916 RBAC - Limit access to workflow instances to initiators only (Closed)
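The expected behaviour described in the report, as an added example that is not the Orchestrator plugin's code: it parses the policy from the report and applies an assumed visibility rule (holders of orchestrator.instancesAdminView with read access see every instance, everyone else sees only instances they initiated). The instance records and all function names are constructed for illustration.

```javascript
// Added example: a model of the expected behaviour, not the Orchestrator plugin's code.
// The policy text is taken from the report; the instance records are constructed.
const POLICY = `
p, role:default/workflowUser, orchestrator.workflow.greeting, read, allow
p, role:default/workflowUser, orchestrator.workflow.use.greeting, update, allow
p, role:default/workflowAdmin, orchestrator.workflow, read, allow
p, role:default/workflowAdmin, orchestrator.workflow.use, update, allow
p, role:default/workflowAdmin, orchestrator.workflowAdminView, read, allow
p, role:default/workflowAdmin, orchestrator.instancesAdminView, read, allow
g, user:default/rhdh-orchestrator-test-18, role:default/workflowUser
g, user:default/rhdh-orchestrator-test-19, role:default/workflowUser
g, user:default/rhdh-orchestrator-test-20, role:default/workflowAdmin
`;
// Parse the comma-separated lines into permission rules (p) and role grants (g).
function parsePolicy(text) {
  const rules = [];
  const grants = new Map(); // user -> Set of role names
  for (const line of text.split("\n")) {
    const f = line.split(",").map((s) => s.trim());
    if (f[0] === "p" && f.length === 5) {
      rules.push({ role: f[1], permission: f[2], action: f[3], effect: f[4] });
    } else if (f[0] === "g" && f.length === 3) {
      if (!grants.has(f[1])) grants.set(f[1], new Set());
      grants.get(f[1]).add(f[2]);
    }
  }
  return { rules, grants };
}

// True when one of the user's roles carries an allow rule for this permission and action.
function isAllowed(policy, user, permission, action) {
  const roles = policy.grants.get(user) ?? new Set();
  return policy.rules.some((r) => roles.has(r.role) &&
    r.permission === permission && r.action === action && r.effect === "allow");
}

// Assumed rule: instancesAdminView holders see everything, others only what they initiated.
function visibleInstances(policy, user, instances) {
  if (isAllowed(policy, user, "orchestrator.instancesAdminView", "read")) return instances;
  return instances.filter((i) => i.initiator === user);
}

const INSTANCES = [ // constructed sample data
  { id: "inst-1", initiator: "user:default/rhdh-orchestrator-test-18" },
  { id: "inst-2", initiator: "user:default/rhdh-orchestrator-test-19" },
  { id: "inst-3", initiator: "user:default/rhdh-orchestrator-test-20" },
];
const idsFor = (user) => visibleInstances(parsePolicy(POLICY), user, INSTANCES).map((i) => i.id);
console.log(idsFor("user:default/rhdh-orchestrator-test-20"));
```

A regression check for this bug can assert the same two outcomes against the real backend: the workflowAdmin user lists every instance, and a workflowUser lists only their own.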