- Bug
- Resolution: Unresolved
- Normal
- XCMSTRAT-66 - [closed] Allow OSD/ROSA classic customers to modify the default cluster autoscaler

Description of problem:
An org member user has been granted the role "Cluster Autoscaler Editor" for a cluster. However, when that org member user logs in to the OCM UI, the following actions are wrongly permitted:
- Allowed to create cluster administrative users (under Cluster Roles and Access) for the cluster.
- Allowed to grant AWS infrastructure access roles for the cluster.
- Allowed to modify cluster ingress definitions from the Networking tab.
- Allowed to edit the load balancer count/definition from the cluster's Actions menu.
- Allowed to hibernate the cluster from the cluster's Actions menu.
- Allowed to click the "Add machine pool" button, although creation of the machine pool is forbidden.
How reproducible:
Always
Steps to reproduce:
1. Launch the OCM UI staging environment and log in as an org-admin user.
2. Open an OSD cluster.
3. Go to the Access control tab > OCM roles and access, and click the "Grant" button.
4. Enter the Red Hat login of a valid user (e.g. an org-member user).
5. Select the role "Cluster Autoscaler Editor" and click "Grant role".
6. Log in to the OCM UI staging environment as the user granted the role in step 4.
7. Select and open the same cluster as in step 2.
8. Perform all of the actions listed above.
Actual results:
The user is wrongly allowed to perform all of the actions listed above against the cluster.
Expected results:
A user with the "Cluster Autoscaler Editor" role should only be able to modify the cluster autoscaler settings. All other actions should be restricted in the UI.