Details
-
Bug
-
Resolution: Won't Do
-
Normal
-
None
-
Logging 5.4.7
-
None
-
False
-
None
-
False
-
NEW
-
NEW
-
Medium
Description
Description of problem:
If a user is assigned with project admin role for openshift-* projects, then the user is not able to view the respective project logs in kibana.
Version-Release number of selected component (if applicable):
Reproduced in 5.4.7
How reproducible:
100%
Steps to Reproduce:
1. Install Elasticsearch Operator and Logging Operator.
2. Create any user with project admin provileges.
$ oc adm policy add-role-to-user admin user1 -n openshift-monitoring
3. Check if index pattern can be created in kibana.
4. Kibana doesn't list the infra index for "user1".
5. However, if the user is assigned "cluster-reader" clusterrole, then infra index pattern can be created.
Actual results:
Infra project admins (openshift-*) can't view their respective project specific logs in kibana. Additional role has to be assigned to view the logs.
Expected results:
Infra project admins should be able to create index pattern for infra indixes.