Details
- Bug
- Resolution: Unresolved
- Critical
- SaaS, 2.14.1 GA
Description
When Analytics permissions (Access & query analytics) are assigned to a member user and this user tries to access a Backend's analytics through the Admin Portal dashboard, the message Access Denied is returned.
The problem seems to be that there's no top-level menu item that allows navigating to analytics directly. Inspecting the Admin Portal dashboard, I can see that the Backend URLs reference /p/admin/backend_apis/<backend_id> directly instead of /p/admin/backend_apis/<backend_id>/stats/usage:
<a href="/p/admin/backend_apis/3" id="single-action-item1">HTTPBIN_BACKEND</a>
I'm sharing the system-provider log below:
[0eee153d-e7fa-4ce8-9df7-1f8dd8cb4ef2] [10.131.1.54] [10.131.0.1] Started GET "/check.txt" for 10.131.0.1 at 2021-08-27 20:09:24 +0000
[0eee153d-e7fa-4ce8-9df7-1f8dd8cb4ef2] [10.131.1.54] [10.131.0.1] Processing by ChecksController#check as */*
[0eee153d-e7fa-4ce8-9df7-1f8dd8cb4ef2] [10.131.1.54] [10.131.0.1] Rendering text template
[0eee153d-e7fa-4ce8-9df7-1f8dd8cb4ef2] [10.131.1.54] [10.131.0.1] Rendered text template (0.0ms)
[0eee153d-e7fa-4ce8-9df7-1f8dd8cb4ef2] [10.131.1.54] [10.131.0.1] Completed 200 OK in 4ms (Views: 0.8ms | ActiveRecord: 0.0ms)
10.131.0.1 - - [27/Aug/2021:20:09:24 +0000] "GET /check.txt HTTP/1.1" 200 - 0.0095
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] Started GET "/p/admin/backend_apis/3" for 10.0.91.25 at 2021-08-27 20:09:26 +0000
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] Processing by Provider::Admin::BackendApisController#show as HTML
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] Parameters: {"id"=>"3"}
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] ~> gmpereir has_permission?(finance) => false
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] ~> gmpereir has_permission?(partners) => false
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] ~> gmpereir has_permission?(monitoring) => true
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] ~> gmpereir has_permission?(finance) => false
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] ~> gmpereir has_permission?(partners) => false
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] ~> gmpereir has_permission?(plans) => false
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] ~> gmpereir has_permission?(settings) => false
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] ~> gmpereir has_permission?(monitoring) => true
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] ~> gmpereir has_permission?(portal) => false
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] ~> gmpereir has_permission?(legal) => false
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] Handling Exception: You are not authorized to access this page. with status forbidden
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] Rendering errors/provider/forbidden.html.erb within layouts/error
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] Rendered errors/provider/forbidden.html.erb within layouts/error (0.1ms)
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] Rendered provider/_analytics.html.erb (0.1ms)
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] Rendered provider/_logo.html.slim (0.0ms)
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] Rendered provider/_footer_powered_by_part.html.slim (0.0ms)
[5e5a06b5-44d8-4336-9d7d-66f19bd5a297] [3scale-admin.apps.ocp4amp.lab.upshift.rdu2.redhat.com] [10.0.91.25] Completed 403 Forbidden in 92ms (Views: 4.5ms | ActiveRecord: 7.6ms)
10.0.91.25 - - [27/Aug/2021:20:09:26 +0000] "GET /p/admin/backend_apis/3 HTTP/1.1" 403 - 0.1033
10.0.91.25 - - [27/Aug/2021:20:09:27 +0000] "GET /assets/error-a0706ff249c33f59e35929b3c67bbff618f9ebb43fa4a06a4ee13d933ea28404.css HTTP/1.1" 200 15575 0.0037
If this can't be fixed, we should change the permission name to make it clearer to the user (since they do have access at the product level).
Issue Links
- is related to THREESCALE-6482 User with 'Analytics' role cannot view products without additional r/w role granted
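As an added example (not part of the original report and not 3scale code), the Ruby script below groups system-provider log lines by request ID and flags requests that finished with 403 even though a has_permission? check returned true, which is the pattern in the log above. The sample log is constructed; its request IDs, host name, users and addresses are placeholders.

```ruby
# Added example (not 3scale code): correlate permission checks with the final
# status of each request in a Rails tagged log such as the one in this report.
# SAMPLE_LOG is constructed; IDs, host, users and addresses are placeholders.
SAMPLE_LOG = <<~'LOG'
  [req-1] [admin.example.test] [192.0.2.10] Started GET "/p/admin/backend_apis/3" for 192.0.2.10 at 2021-08-27 20:09:26 +0000
  [req-1] [admin.example.test] [192.0.2.10] ~> alice has_permission?(finance) => false
  [req-1] [admin.example.test] [192.0.2.10] ~> alice has_permission?(monitoring) => true
  [req-1] [admin.example.test] [192.0.2.10] ~> alice has_permission?(monitoring) => true
  [req-1] [admin.example.test] [192.0.2.10] Completed 403 Forbidden in 92ms (Views: 4.5ms | ActiveRecord: 7.6ms)
  192.0.2.10 - - [27/Aug/2021:20:09:26 +0000] "GET /p/admin/backend_apis/3 HTTP/1.1" 403 - 0.1033
  [req-2] [admin.example.test] [192.0.2.11] Started GET "/p/admin/backend_apis/3" for 192.0.2.11 at 2021-08-27 20:10:02 +0000
  [req-2] [admin.example.test] [192.0.2.11] ~> bob has_permission?(monitoring) => false
  [req-2] [admin.example.test] [192.0.2.11] Completed 403 Forbidden in 60ms (Views: 4.1ms | ActiveRecord: 5.0ms)
LOG

# First tag is the request ID; any further [..] tags (host, IP) are skipped.
TAGGED   = /\A\[(?<id>[^\]]+)\] (?:\[[^\]]*\] )*(?<msg>.*)\z/
STARTED  = /\AStarted (?<verb>[A-Z]+) "(?<path>[^"]+)"/
CHECK    = /\A~> (?<user>\S+) has_permission\?\((?<perm>\w+)\) => (?<ok>true|false)\z/
COMPLETE = /\ACompleted (?<status>\d{3}) /

# Returns { request_id => { path:, user:, granted:, denied:, status: } }.
def summarize_requests(log)
  requests = Hash.new { |h, k| h[k] = { path: nil, user: nil, granted: [], denied: [], status: nil } }
  log.each_line(chomp: true) do |line|
    tagged = TAGGED.match(line) or next # untagged access-log lines are ignored
    req = requests[tagged[:id]]
    msg = tagged[:msg]
    if (m = STARTED.match(msg))
      req[:path] = m[:path]
    elsif (m = CHECK.match(msg))
      req[:user] = m[:user]
      bucket = m[:ok] == "true" ? req[:granted] : req[:denied]
      bucket << m[:perm] unless bucket.include?(m[:perm]) # checks repeat per request
    elsif (m = COMPLETE.match(msg))
      req[:status] = m[:status].to_i
    end
  end
  requests
end

# Requests answered 403 although at least one permission check was granted.
def denied_despite_grant(log)
  summarize_requests(log).select { |_id, r| r[:status] == 403 && r[:granted].any? }
end

denied_despite_grant(SAMPLE_LOG).each do |id, r|
  puts "#{id}: #{r[:user]} got 403 on #{r[:path]} (granted: #{r[:granted].join(', ')})"
end
```

A hit means the requested controller action requires a permission other than the ones granted, so the route the UI links to and the permission model disagree; a 403 with no granted permission (req-2 in the sample) is an ordinary denial and is not reported.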