Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 2112325

Summary: [RGW][RFE][Please, add a more limited capability than 'users=read' for admin API requests that don't require access to users keys. ]
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: nravinas
Component: RGWAssignee: Ali Maredia <amaredia>
Status: CLOSED ERRATA QA Contact: Hemanth Sai <hmaheswa>
Severity: medium Docs Contact: Akash Raj <akraj>
Priority: unspecified    
Version: 5.1CC: akraj, amaredia, cbodley, ceph-eng-bugs, cephqe-warriors, kbader, kdreyer, kkeithle, mbenjamin, mkasturi, tserlin
Target Milestone: ---Keywords: FutureFeature
Target Release: 7.1   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: ceph-18.2.1-14.el9cp Doc Type: Enhancement
Doc Text:
.A new Ceph Object Gateway admin-ops capability is added to allow reading user metadata but not their associated authorization keys With this enhancement, a new Ceph Object Gateway admin-ops capability is added to allow reading Ceph Object gateway user metadata but not their associated authorization keys. This is to reduce the privileges of automation and reporting tools and to avoid impersonating users or view their keys.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2024-06-13 14:19:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2267614, 2298578, 2298579    

Description nravinas 2022-07-29 10:55:37 UTC 
Description of problem:

Please, add a more limited capability than 'users=read' for admin API requests that don't require access to users' keys.
Comment 19 Ken Dreyer (Red Hat) 2024-01-29 21:53:04 UTC 
Ali's https://github.com/ceph/ceph/pull/50313 is closed. What is the next step for this BZ?
Comment 28 errata-xmlrpc 2024-06-13 14:19:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Critical: Red Hat Ceph Storage 7.1 security, enhancements, and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:3925
Comment 29 Red Hat Bugzilla 2025-02-16 04:25:02 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days