Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: User able to add/update users without sufficient permissions #5858

Closed
2 tasks done
kartik-579 opened this issue Sep 18, 2024 · 0 comments · Fixed by #5804
Closed
2 tasks done

Bug: User able to add/update users without sufficient permissions #5858

kartik-579 opened this issue Sep 18, 2024 · 0 comments · Fixed by #5804
Assignees
@prakarsh-dt @vikramdevtron
Labels
bug Something isn't working

Comments

@kartik-579
Copy link
Member

📜 Description

In some cases, a user is able to create/update another user or permission group even if not having sufficient permissions.

👟 Reproduction steps

  1. Try to add user with view only permission only devtron apps, it gets successful.
  2. Downgrade superadmin user(given through a permission group) with a non-superadmin user, it gets completed successfully.

👍 Expected behavior

User should not be able to give permissions with lower level of permission set.

👎 Actual Behavior

User is able to give permissions with lower level of permission set.

☸ Kubernetes version

1.23

Cloud provider

🌍 Browser

Chrome

🧱 Your Environment

No response

✅ Proposed Solution

No response

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find any similar issue

🏢 Have you read the Code of Conduct?
@kartik-579 kartik-579 added the bug Something isn't working label Sep 18, 2024
@kartik-579 kartik-579 mentioned this issue Sep 18, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@prakarsh-dt prakarsh-dt

@vikramdevtron vikramdevtron

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: fixed user rbac flows devtron-labs/devtron
3 participants
@prakarsh-dt @vikramdevtron @kartik-579