Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-2918

[release-5.5] Non-admin user with 'view' role can't see any logs in 'Logs' view

    XMLWordPrintable

Details

    • False
    • None
    • False
    • NEW
    • OBSDA-8 - Allow log exploration natively inside the OpenShift Console to reduce the number of UIs users need to access and use to a bare minimum
    • VERIFIED
    • Hide
      Workaround:
      The cluster-logging-operator currently does not provide read-only access to application logs for non-admin users automatically. As a workaround for this issue, manually create a ClusterRole and ClusterRoleBinding granting the necessary privileges.

      Fix:
      Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs.
      Show
      Workaround: The cluster-logging-operator currently does not provide read-only access to application logs for non-admin users automatically. As a workaround for this issue, manually create a ClusterRole and ClusterRoleBinding granting the necessary privileges. Fix: Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs.
    • Log Storage - Sprint 224, Log Storage - Sprint 225

    Description

      Steps to reproduce the issue:
      1. Enable the "Console plugin" by following the testing steps in the doc
      2. Assign view rule to a non-admin user (ex: testuser-0)
      oc adm policy add-cluster-role-to-user view testuser-0
      3. Create application for logs with  testuser-0
      4. login to console with testuser-0

      Actual: 

       

      Expected: 

      • Query for "infrastructure" or "audit" logs shows nothing.
      • Query for "application" logs shows only logs that the user has permission to see, i.e. logs for contains that the user can view using
        oc logs

      Attachments

        Issue Links

          Activity

            People

              rojacob@redhat.com Robert Jacob
              gkarager Giriyamma K R
              Giriyamma K R Giriyamma K R
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: