Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4622

Quay 3.8.0 as superuser no activity log to audit the operation of deletion organization under other normal user

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • quay-v3.8.0
    • -area/superuser, quay
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide

      This issue is being reprioritized as Major since it has not been addressed within a few days or weeks of creation. We are using the OpenShift Bug Process critieria, https://source.redhat.com/groups/public/openshift/openshift_wiki/openshift_bugzilla_process#bug-priority:

      • BLOCKER: These are interrupt worthy bugs. Usually these would be CRITICAL or IMPORTANT severity bugs. Teams should immediately stop other items and address BLOCKER priority bugs. It should be worked until it is either resolved or the priority reduced. Leads and managers SHOULD always know the up-to-date status of these bugs.
      • CRITICAL: These are not necessarily immediately interrupt worthy, but likely cannot wait more than a few days for attention. Usually these would be CRITICAL or IMPORTANT severity bugs.
      • MAJOR: These should generally be scheduled for the current or next sprint and take precedence over feature work. These should not necessarily immediately interrupt ongoing work. Owners should be reporting daily on these in their standups.
      • NORMAL: These bugs should be evaluated, prioritized, and scheduled alongside all other work (ie. features) each sprint.
      • MINOR: These bugs should be periodically re-evaluated and may be scheduled along with other work. Bugs with a sustained low priority should be given strong consideration for closure.
      Show
      This issue is being reprioritized as Major since it has not been addressed within a few days or weeks of creation. We are using the OpenShift Bug Process critieria, https://source.redhat.com/groups/public/openshift/openshift_wiki/openshift_bugzilla_process#bug-priority: BLOCKER: These are interrupt worthy bugs. Usually these would be CRITICAL or IMPORTANT severity bugs. Teams should immediately stop other items and address BLOCKER priority bugs. It should be worked until it is either resolved or the priority reduced. Leads and managers SHOULD always know the up-to-date status of these bugs. CRITICAL: These are not necessarily immediately interrupt worthy, but likely cannot wait more than a few days for attention. Usually these would be CRITICAL or IMPORTANT severity bugs. MAJOR: These should generally be scheduled for the current or next sprint and take precedence over feature work. These should not necessarily immediately interrupt ongoing work. Owners should be reporting daily on these in their standups. NORMAL: These bugs should be evaluated, prioritized, and scheduled alongside all other work (ie. features) each sprint. MINOR: These bugs should be periodically re-evaluated and may be scheduled along with other work. Bugs with a sustained low priority should be given strong consideration for closure.

      Description:

      This is an issue found when enable superuser full access flag, as the storage mentioned, "any superuser action on tenant content can be audited", but on new UI when as a superuser deleted existing organization under other normal user, there's no way to audit this operation, Quay Customer may ask "how can I audit who delete that organization?", pls review this issue.

      Quay Image: quay-operator-bundle-container-v3.8.0-98

      Expected Behavior:

      https://issues.redhat.com/browse/PROJQUAY-1245 

      • any superuser action on tenant content can be audited

              Unassigned Unassigned
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: