Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-3072

Non-admin user with 'view' role can't see any logs in 'Logs' view

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • OBSDA-8 - Allow log exploration natively inside the OpenShift Console to reduce the number of UIs users need to access and use to a bare minimum
    • VERIFIED
    • Before this update, a user was not able to view the application logs of namespaces they have access to. With this update, the Loki Operator automatically creates a cluster role and cluster role binding allowing users to read application logs.
    • Log Storage - Sprint 224, Log Storage - Sprint 225, Log Storage - Sprint 226, Log Storage - Sprint 227

      Steps to reproduce the issue:
      1. Enable the "Console plugin" by following the testing steps in the doc
      2. Assign view rule to a non-admin user (ex: testuser-0)
      oc adm policy add-cluster-role-to-user view testuser-0
      3. Create application for logs with  testuser-0
      4. login to console with testuser-0

      Actual: 

       

      Expected: 

      • Query for "infrastructure" or "audit" logs shows nothing.
      • Query for "application" logs shows only logs that the user has permission to see, i.e. logs for contains that the user can view using
        oc logs

              rojacob@redhat.com Robert Jacob
              gkarager Giriyamma Karagere Ramaswamy (Inactive)
              Giriyamma Karagere Ramaswamy Giriyamma Karagere Ramaswamy (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: