Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-6482

User with 'Analytics' role cannot view products without additional r/w role granted

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Major Major
    • None
    • SaaS, 2.14.0 GA, 2.15.3 GA
    • System
    • False
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Undefined
    • Hide

      Steps to reproduce:

      • Login in the Admin Portal with a member user that has only "Access & query analytics" permissions - for 6 products (it can be any 6 products)
      • Navigate to the dashboard and see that 5 products are listed
      • Try to access the view "Explore all Products" so that the user logged in can find the 6th Product link to access the analytics view and you'll get the "Access Denied" error

      When assigning Analytics permissions (Access & query analytics) to a member user and this user tries to access a Products page through the Admin Portal, it's returning the message Access Denied. User cannot navigate to a specific product, nor see all products that should see and access their analytics. From dashboard is possible to navigate only to latest updated products (this workflow works) but not for older products.
      That is, the user cannot access the link which would take them to the view that they do have access to because if that Product is not rendered in the Dashboard view (only 5 products are listed there) then there will always be n products missing for every 5 + nth Product they have permission to access.

      Show
      Steps to reproduce: Login in the Admin Portal with a member user that has only "Access & query analytics" permissions - for 6 products (it can be any 6 products) Navigate to the dashboard and see that 5 products are listed Try to access the view "Explore all Products" so that the user logged in can find the 6th Product link to access the analytics view and you'll get the "Access Denied" error When assigning Analytics permissions ( Access & query analytics) to a member user and this user tries to access a Products page through the Admin Portal, it's returning the message Access Denied . User cannot navigate to a specific product, nor see all products that should see and access their analytics. From dashboard is possible to navigate only to latest updated products (this workflow works) but not for older products. That is, the user cannot access the link which would take them to the view that they do have access to because if that Product is not rendered in the Dashboard view (only 5 products are listed there) then there will always be n products missing for every 5 + nth Product they have permission to access.

      If a 3scale user is granted the 'Analytics' role in the UI, they will not have the ability to view the full Product listing in order to access Product Analytics unless they are also granted the 'Products' r/w/d access.
      User will have the ability to view individual Products via URL and from the small list on the Admin Portal landing page.

      Customer has advised that granting additional write/delete access for what should be essentially a read-only role is unacceptable.

              Unassigned Unassigned
              rhn-support-ahobson Aimi Hobson
              Daria Mayorova Daria Mayorova
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: