Uploaded image for project: 'FlightPath'
  1. FlightPath
  2. FLPATH-3235

[Bug] Cost management sidebar nav visible to users without cost management RBAC permissions

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False

      When a user without any cost management or ROS RBAC roles (e.g., no RORead, ROCluster, etc.) logs into RHDH, the "Cost management" sidebar navigation item is still visible.

      Expected: The "Cost management" nav item should be hidden/conditional based on the user having appropriate cost management permissions.

      Actual: The sidebar nav item is visible to ALL authenticated users regardless of roles.

      Impact: Low - users can see the nav item but the Resource Optimization page correctly shows "Error: Unauthorized"

      Steps to reproduce:
      1. Create a user with no cost management roles (e.g., only workflowReadwrite or no roles at all)
      2. Log in as that user
      3. Observe the sidebar - "Cost management" link is visible
      4. Click on it - the page shows "Error: Unauthorized" for the ROS route

      Environment: OCP Edge 73, RHDH 1.9.0, plugin version 1.3.2-rc.1

      Related test case: FLPATH-3137

        1. flpath-3137-no-access-unauthorized-2026-02-11T20-37-43-000Z.png
          60 kB
          Gary Harden

              rh-ee-asmasarw Ashraf Masarwa
              gharden1 Gary Harden
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: