Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: None
Affects Version/s: rhos-18.0.13
Component/s: neutron-operator
Labels:
- Security

Story Points:
0
Epic Link:
[BugEpic]: Reader role users are able to delete network ports in RHOSO, which violates expected read-only permissions.
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Docs Approval:
?
Fixed in Build:
openstack-neutron-22.2.2-18.0.20251219104727.51e19bb
AssignedTeam:
rhos-connectivity-neutron
Regression:
None
Intelligence Requested:
Market:
PX Impact Score:

Sprint:
Neutron Quark 1
sprint_count:
1
Severity:
Important

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The customer reported that users with the "reader" role in RHOSO are able to delete network ports, which contradicts the intended read-only nature of the role. This behavior has caused security and compliance concerns, preventing QA approval for deployments.{}

The issue has been consistently reproduced across multiple environments — both default and non-default project setups — and no custom roles or policy overrides were found in the configurations.

links to

Add NET_OWNER_MEMBER and NET_OWNER_READER policy rules

mentioned on

Merge request - Add NET_OWNER_MEMBER and NET_OWNER_READER policy rules

Assignee:: Slawomir Kaplonski

Reporter:: Parag Ambre

Team:: rhos-dfg-networking-squad-neutron

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2025/12/15 7:12 AM

Updated:: 2026/01/07 8:54 AM

Resolved:: 2026/01/05 3:02 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty