The UI does not properly obey the "disable roles" feature #1610
Comments
|
Does this apply to the new security PR or |
|
And can you provide more detail? |
|
Sorry, this applies to 2.0.1 Final as we discussed with Hugo. We have a property in the backend that enabled/disable role checking but the UI is not aware of that property and if authentication is enabled is looking for roles. With the new proposal and or, I think we can probably close this issue. |
|
OK great - yes the new security approach fixes this issue. We should leave this open to be fixed in the 2.0.x branch (if possible). |
EricWittmann
changed the title
|
Closing, this was fixed. |
|
@carlesarnal Just to confirm, this was fixed in master and in the 2.0.x branch now also? If so, I can remove it from the downstream Release Notes as a Known Issue. Thanks |
|
Removed v2.0.x Known Issue from downstream release notes (https://issues.redhat.com/browse/IPT-736) |
|
Sorry @smccarthy-ie, yes, issue fixed. |
|
Cool, thanks @carlesarnal |
The backend can be configured to disable role based authorization. When the server is configured in that way, authentication credentials are required, but roles are ignored - meaning that any authenticated user can preform any action. The UI currently does not support that configuration. The UI assumes that if authentication is enabled, then role based authorization is also enabled.
The text was updated successfully, but these errors were encountered: