2103975 – [GSS] The OCP dashboard is showing the "Openshift Data Foundation" to unpriviledged users

Bug 2103975 - [GSS] The OCP dashboard is showing the "Openshift Data Foundation" to unpriviledged users

Summary: [GSS] The OCP dashboard is showing the "Openshift Data Foundation" to unpriv...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenShift Data Foundation
Classification:	Red Hat Storage
Component:	management-console
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	---
Target Release:	ODF 4.12.0
Assignee:	Sanjal Katiyar
QA Contact:	Mahesh Shetty
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2116262 2116263 2116264 2119335
TreeView+	depends on / blocked

Reported:	2022-07-05 12:55 UTC by Priya Pandey
Modified:	2023-12-08 04:29 UTC (History)
CC List:	15 users (show)
Fixed In Version:	4.11.0-127
Doc Type:	Known Issue
Doc Text:	Previously, unprivileged users with no administrator rights had access to OpenShift Data Foundation dashboard pages. With this update, the unprivileged users are restricted from accessing the dashboard pages by hiding the dashboard pages from those users.
Clone Of:
Clones:	2116262 2116263 2116264 (view as bug list)
Environment:
Last Closed:	2023-01-31 00:19:21 UTC
Embargoed:

Attachments	(Terms of Use)
ODF dashboard (85.97 KB, image/png) 2022-07-05 12:55 UTC, Priya Pandey	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Github	red-hat-storage ocs-ci pull 6808	None	Merged	Ui automate bz2103975	2022-12-26 07:17:22 UTC
Github	red-hat-storage odf-console pull 348	None	open	[release-4.11] Bug 2103975: The ODF dashboard showing the to unpriviledged users	2022-07-25 11:17:34 UTC
Github	red-hat-storage odf-console pull 349	None	open	[release-4.11-compatibility] Bug 2103975: The ODF dashboard showing the to unpriviledged users	2022-07-25 11:17:49 UTC
Github	red-hat-storage odf-console pull 361	None	open	Bug 2103975: Add admin flag (for hiding Data Foundation navItem from non-admin users)	2022-08-17 14:49:15 UTC
Red Hat Product Errata	RHBA-2023:0551	None	None	None	2023-01-31 00:20:04 UTC

Description Priya Pandey 2022-07-05 12:55:39 UTC

Created attachment 1894681 [details]
ODF dashboard

Description of problem (please be detailed as possible and provide log
snippests):

- The Openshift Data Foundation is visible to the unprivileged users:


OCP: v4.10.17
ODF: v4.10.3


- This is kind of misleading to the user, as when they click on the tab it doesn't show any details. (Ref ODFv4.10.png)

- It shows various error messages or "Data not found" for all the sections.

- Do we expect the other non-privileged users to see this Tab?

- If no, then the "Openshift Data Foundation" shouldn't be visible.


Version of all relevant components (if applicable):
v4.10.17

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?

- This creates confusion for the non-privileged users that they can be able to see the details of the ODF cluster



Is there any workaround available to the best of your knowledge?

- N/A

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?

- 2

Can this issue reproducible?

Yes

Can this issue reproduce from the UI?

Yes

If this is a regression, please provide more details to justify this:
N/A

Steps to Reproduce:
1. Create a user 
2. Don't give any role to the user
3. Access the OCP dashboard with the user.
4. The "Openshift Data Foundation" Tab is visible.


Actual results:

- The "Openshift Data Foundation" is visible to unprivileged users.

Expected results:


- The "Openshift Data Foundation" should not be visible to unprivileged users.

Additional info:

Comment 2 Bipul Adhikari 2022-07-06 08:44:37 UTC

We should show a Restricted access similar to how we show for PV pages.

Comment 8 Bipul Adhikari 2022-07-25 11:40:04 UTC

Agreed. Removing ODF altogether for unpriv. users.

Comment 14 krishnaram Karthick 2022-08-08 05:37:56 UTC

Removed 4.9.z? 4.10.z? and 4.11.z? flags from this bug and created clones for their respective releases. 

4.11 backport clone - https://bugzilla.redhat.com/show_bug.cgi?id=2116262
4.10 backport clone - https://bugzilla.redhat.com/show_bug.cgi?id=2116263 
4.9 backport clone - https://bugzilla.redhat.com/show_bug.cgi?id=2116264

Comment 27 errata-xmlrpc 2023-01-31 00:19:21 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenShift Data Foundation 4.12.0 enhancement and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0551

Comment 28 Red Hat Bugzilla 2023-12-08 04:29:28 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.