  1. Observability UI
  2. OU-1115

non cluster-admin user can access cluster level dashboards - all populated with "forbidden"


    • Bug
    • Resolution: Unresolved
    • openshift-4.19
    • Admin-Console

      Without having the developer console enabled, and logged in as a non cluster-admin user, if I follow the navigation:

      home -> projects -> $USERNAMESPACE -> utilization panel (middle of the screen)

      • `k8s/cluster/projects/ns1`

      Clicking on this panel leads to `/dev-monitoring/ns/ns1/metrics?`. From here I can access `/monitoring/dashboards/dashboard-k8s-resources-namespace?timeRange=1800000`, giving access to all of the cluster-admin dashboards populated with "forbidden".

      Reproduced on 4.19.19 and 4.20.4 using the demo app in this KCS -

      https://access.redhat.com/articles/7024800

              gbernal@redhat.com Gabriel Bernal
              rhn-support-nigsmith Nigel Smith