Bug 2140534
| Summary: | [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Container Native Virtualization (CNV) | Reporter: | Guohua Ouyang <gouyang> | ||||
| Component: | User Experience | Assignee: | Dana Orr <dorr> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Guohua Ouyang <gouyang> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 4.12.0 | CC: | gouyang | ||||
| Target Milestone: | --- | ||||||
| Target Release: | 4.12.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2023-01-24 13:41:51 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Instead of giving errors for specific action, I think it would be better to disable these active element for the view only user. So I logged a bug to review all active elements on VM and Template pages: https://bugzilla.redhat.com/show_bug.cgi?id=2140539 If we prefer to do it in bug 2140539, this one can be closed. verified on v4.12.0-172 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Virtualization 4.12.0 Images security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:0408 |
Created attachment 1922658 [details] view only user to visit VM VNC console Description of problem: It should give a permission error when user click VNC play or VNC connect button for view only user. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. create a running vm in a project 2. create a non-admin user and assign view only permission to the project $ oc adm policy add-role-to-user view test -n default 3. view the VM VNC console Actual results: nothing happens when clicking the VNC play button Expected results: Give an error like the command line: $ virtctl vnc -n ecosystem-engineering centos-stream8-slight-hamster Can't access VMI centos-stream8-slight-hamster: virtualmachineinstances.subresources.kubevirt.io "centos-stream8-slight-hamster" is forbidden: User "dkenigsb" cannot get resource "virtualmachineinstances/vnc" in API group "subresources.kubevirt.io" in the namespace "ecosystem-engineering" Additional info: