Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-8759

GLOBAL_READONLY_SUPER_USERS have write access when FEATURE_SUPERUSERS_FULL_ACCESS is enabled

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • quay-v3.16.0
    • quay-v3.13.4
    • quay
    • False
    • Hide

      None

      Show
      None
    • False
    • User Experience
    • Quay Hosted
    • Hide

       

      1. Add the following configuration in config.yaml:

      ~~~

      FEATURE_SUPERUSERS_FULL_ACCESS: true
      GLOBAL_READONLY_SUPER_USERS:
        - user1
      SUPER_USERS:
        - user1

      ~~~

       

      2. Restart quay and login as user1

      3. Observe that the user can see all repositories (expected behavior).

      4. Try creating a new repository or modifying an existing one. And, observe that the user is able to perform write operations (unexpected).

      Show
        1. Add the following configuration in config.yaml : ~~~ FEATURE_SUPERUSERS_FULL_ACCESS: true GLOBAL_READONLY_SUPER_USERS:   - user1 SUPER_USERS:   - user1 ~~~   2. Restart quay and login as user1 3. Observe that the user can see all repositories (expected behavior) . 4. Try creating a new repository or modifying an existing one. And, observe that the user is able to perform write operations (unexpected).

      When FEATURE_SUPERUSERS_FULL_ACCESS: true is enabled in config.yaml, a user listed in both SUPER_USERS and GLOBAL_READONLY_SUPER_USERS unexpectedly retains read-write (RW) access instead of being restricted to read-only (RO).

        1. image-2026-01-07-16-42-34-301.png
          image-2026-01-07-16-42-34-301.png
          317 kB

              doconnor@redhat.com Dave O'Connor
              rhn-support-snangare Sameer Nangare
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: