Uploaded image for project: 'Red Hat OpenShift AI Engineering'
  1. Red Hat OpenShift AI Engineering
  2. RHOAIENG-1137

RHODS Admin page keeps showing users who lost permission access

    XMLWordPrintable

Details

    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      == Notebook server administration shows users who lost permission access

      If a user who previously started a notebook server in Jupyter loses their permissions to do so (for example, if an OpenShift Data Science administrator changes the user's group settings or removes the user from a permitted group), administrators continue to see the user's notebook servers on the server *Administration* page. As a consequence an administrator is able to restart notebook servers that belong to the user who's permissions were revoked.
      Show
      == Notebook server administration shows users who lost permission access If a user who previously started a notebook server in Jupyter loses their permissions to do so (for example, if an OpenShift Data Science administrator changes the user's group settings or removes the user from a permitted group), administrators continue to see the user's notebook servers on the server *Administration* page. As a consequence an administrator is able to restart notebook servers that belong to the user who's permissions were revoked.
    • Known Issue
    • Done
    • Low

    Description

      Description of problem:

      If a user who spawned a notebook loses the access permissions (e.g., a change in allowedGroups setting of dashboard), its username keeps appearing in the Administrator tab of KFNBC. This allows an admin to spawn a notebook for the user which shouldn't be allowed anymore to spawn servers.

      It doesn't happen for users who have never spawned a server earlier and then lose the permissions.

      Prerequisites (if any, like setup, operators/versions):

      RHODS Admin access

      Steps to Reproduce

      1. Access KFNBC using a RHODS admin
      2. move to Administration tab
      3. spawn a notebook for a userA and then stop it
      4. remove access permissions from userA (e..g, change the groups setting from dashboard or remove userA from an allowed group)
      5. go back to Administration tab
      6. try spawning a server for userA

      Actual results:

      Admins is allowed to spawn a server for a user who has lost permissions

      Expected results:

      Admins shouldn't see users who lost access permission to KFNBC and shouldn't be able to spawn notebook servers for the same users

      Reproducibility (Always/Intermittent/Only Once):

      Always, unless the users who lost permissions have never spawned a server earlier

      Build Details:

      RHODS v1.16.0-6

      Workaround:

      Unknown

      Additional info:

      None

      Attachments

        Activity

          People

            Unassigned Unassigned
            rhn-support-bdattoma Berto D'Attoma
            RHOAI Dashboard
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:

              PagerDuty