Major Description of problem:
An org member user has granted with role permission "machine pool editor" for a cluster. But in org member user login session, the UI options behavior is inconsistent.
Details are below.
- All actions menu options are disabled for the user from the cluster . This is wrong and "Edit machine pool" option should be enabled as it is related to machine pool editor role definitions.
- "Edit cluster wide proxy" from Networking tab is enabled wrongly for the user. User allowed to update the changes. This is wrong as "machine pool editor" should not have access to update the same. Only org administrator or cluster owner or cluster editor roles should have the permission.
How reproducible:
Always
Steps to reproduce:
- Launch OCM UI staging and login as org-admin user.
- Open a ROSA hypershift or ROSA classic cluster.
- Go to access control tab > OCM roles and access , click "Grant" button.
- Input Redhat login with a valid user name (ex: use a org-member user)
- Select Role as Machine pool editor and Click on "Grant role".
- Login to OCM UI Staging with the user granted permission in step 4 .
- Select and Open the cluster(same as step 2).
- Go to "Networking" tab and click "Edit cluster-wide proxy settings" button.
- Try to update the definitions and see the behavior.
- Go to cluster overview tab, Click "Actions" menu and see the options.
Actual results:
At step 9, "Edit cluster-wide proxy" button enabled and user allowed to update the definitions for the cluster.
At step 10, All context menus under "Actions" options are disabled.
Expected results:
At step 9, "Edit cluster-wide proxy" button should be disabled and restrict the user from updating the same.
At step 10, All context menus except "Edit machine pool" option under "Actions" should be disabled.
- relates to
-
OCMUI-78 [OCM UI] A user granted with only role "machine pool editor", allowed to make other actions on the cluster
-
- Closed
-