Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-25885

User with limited privilege while impersonating can view the data in Observer -> Dashboard

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 4.15
    • Observability UI
    • None
    • No
    • False
    • Hide

      None

      Show
      None

      Description of problem:

          user with sufficient privilege cannot view the data in Observer -> Dashboard, but the data could be checked via Impersonating User

      Version-Release number of selected component (if applicable):

          4.15.0-0.nightly-2023-12-25-100326

      How reproducible:

      Always

      Steps to Reproduce:

          1.Create ClusterRole
      oc create -f <<EOF
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRole
      metadata:
        name: auto-test-metrics-reader
      rules:
        - apiGroups:
            - ''
      resources:
        - namespaces
      verbs:
        - get
        - list
        - watch
      EOF     
    2. Grant the cluster role to a normal user
      $oc adm policy add-cluster-role-to-user auto-test-metrics-reader <User>     
    3. Login OCP as normal user, navigate to Observe -> Dashboards page
    4. Check if user is able to view
    5. Login OCP as administrator, navigate to Users page, and 'Impersonate User', then repeat the check in Step 3-4

      Actual results:

          user cannot view the data in the dashboard

      Expected results:

          'Impersonate user' and 'normal user' should have same behavior

      Additional info:

          https://drive.google.com/file/d/1HeaP1bh4wTlNXM-PRm1R8Xqz8QUC6yJw/view?usp=drive_link

            gbernal@redhat.com Gabriel Bernal
            rhn-support-xiyuzhao Xiyun Zhao
            Xiyun Zhao Xiyun Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: