Bug 1949935 - Fix incorrect access review check on start pipeline kebab action
Summary: Fix incorrect access review check on start pipeline kebab action
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Dev Console
Version: 4.7
Hardware: All
OS: All
high
high
Target Milestone: ---
: 4.8.0
Assignee: Karthik Jeeyar
QA Contact: spathak@redhat.com
URL:
Whiteboard:
Depends On:
Blocks: 1950214
 
Reported: 2021-04-15 12:31 UTC by Karthik Jeeyar
Modified: 2021-07-27 23:01 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-27 23:00:58 UTC
Target Upstream Version:
Embargoed:


Attachments
The incorrect access review check on start pipeline kebab action is fixed-1 (31.07 KB, image/png)
2021-04-16 09:16 UTC, spathak@redhat.com
The incorrect access review check on start pipeline kebab action is fixed-2 (43.81 KB, image/png)
2021-04-16 09:17 UTC, spathak@redhat.com


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 8670 0 None open Bug 1949935: Fix start pipeline action access review 2021-04-15 12:32:59 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 23:01:12 UTC

Description Karthik Jeeyar 2021-04-15 12:31:25 UTC
Description of problem:

Start pipeline kebab action is disabled even if the developer user has create permissions on PipelineRun resource. Access review check should be on pipelineRun instead of pipeline resource.

Customer wants to prevent non-technical users from modifying or creating pipelines but still allow them to start the existing pipelines. They have created a role that gives "view" access to "Pipeline" resources and "create" access to "PipelineRun" and "TaskRuns".


Version-Release number of selected component (if applicable):
4.6

How reproducible:
Always

Steps to Reproduce:
1. Create a role with "view" access on "Pipeline" and "create" access on "PipelineRun" and "TaskRun"
2. Login as a user that has the above role
3. Go to a namespace with an existing pipeline and click on the Pipelines in the nav
4. Click on the kebab menu of the existing pipeline

Actual results:
"Start" is disabled while "Start Last Run" is enabled. The rest of actions are disabled.



Expected results:

"Start" and "Start Last Run" are enabled while the rest of actions are disabled.



Additional info:
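
The mismatch between the role in this report and the resource the Start action was gated on, as an added example that is not part of the original bug report and is not the console's own code. The `tekton.dev` API group, the get/list/watch expansion of "view", the "Edit Pipeline" and "Delete Pipeline" labels, and the verb of the pre-fix check (`create` on `pipelines`) are assumptions; the report only says the check was on the Pipeline resource instead of PipelineRun.

```javascript
// Constructed Role mirroring the one in the report: "view" on Pipeline,
// "create" on PipelineRun and TaskRun. API group and verb expansion are assumed.
const role = {
  rules: [
    { apiGroups: ['tekton.dev'], resources: ['pipelines'], verbs: ['get', 'list', 'watch'] },
    { apiGroups: ['tekton.dev'], resources: ['pipelineruns', 'taskruns'], verbs: ['create'] },
  ],
};

// Simplified stand-in for the answer a SelfSubjectAccessReview gives:
// does any rule grant this verb on this group/resource? ('*' is a wildcard.)
const matches = (list, value) => list.includes('*') || list.includes(value);
function isAllowed(subjectRole, { group, resource, verb }) {
  return subjectRole.rules.some(
    (r) => matches(r.apiGroups, group) && matches(r.resources, resource) && matches(r.verbs, verb)
  );
}

// Hypothetical kebab menu: each action carries the access review that gates it.
// Only the review attached to "Start" differs between the two variants.
function kebabActions(startReview) {
  const g = 'tekton.dev';
  return [
    { label: 'Start', review: startReview },
    { label: 'Start Last Run', review: { group: g, resource: 'pipelineruns', verb: 'create' } },
    { label: 'Edit Pipeline', review: { group: g, resource: 'pipelines', verb: 'update' } },
    { label: 'Delete Pipeline', review: { group: g, resource: 'pipelines', verb: 'delete' } },
  ];
}

// Labels of the actions this role leaves enabled.
function enabledActions(subjectRole, actions) {
  return actions.filter((a) => isAllowed(subjectRole, a.review)).map((a) => a.label);
}

// Before: Start gated on the Pipeline resource (assumed verb: create).
const before = kebabActions({ group: 'tekton.dev', resource: 'pipelines', verb: 'create' });
// After: Start gated on what it actually creates, a PipelineRun.
const after = kebabActions({ group: 'tekton.dev', resource: 'pipelineruns', verb: 'create' });

console.log('before fix:', enabledActions(role, before));
console.log('after fix: ', enabledActions(role, after));
```

Gating a UI action on the resource the action writes, rather than the resource the menu is attached to, keeps the console consistent with what the API server would allow for the same role.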

Comment 2 spathak@redhat.com 2021-04-16 09:16:29 UTC
Created attachment 1772386 [details]
The incorrect access review check on start pipeline kebab action is fixed-1

Comment 3 spathak@redhat.com 2021-04-16 09:17:12 UTC
Created attachment 1772387 [details]
The incorrect access review check on start pipeline kebab action is fixed-2

Comment 4 spathak@redhat.com 2021-04-16 09:17:50 UTC
Verified on build version: 4.8.0-0.nightly-2021-04-16-032542
Browser version: Chrome 89

Comment 7 errata-xmlrpc 2021-07-27 23:00:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

