Currently there is no restriction on machines that based on the scoped tenants, the restriction only apply on scoped environments
What can we do?
Apply the restrictions to machines based on scoped tenant. Check the filter logic in this class InaccessibleVariablesWillBeRemovedRule
The complication
Deployment target tenant setting can be Untenanted, Tenanted or Untenanted and Tenanted
Tenant scoped users should not be able to see untenanted machines
Tenant scoped users should not be able to see machine that does not scoped to the tenant
Untenanted users should not be able to see tenanted only machines
Should be more to add, let's have this one to start with
It is bad
Did a test that user scoped to 1 tenant T1
Project connected to tenants T1, T2 and T3
Deployment can only be made to T1
Thought that the user cannot deploy to the tenants that he does not have permission, but it does not prevent from other users from doing the deployment.
The impact: User can scope a variable to a machine that he is not allowed to with malicious value. He can then wait for another user with enough permission to deploy a release. malicious value will then get deployed to production.
The text was updated successfully, but these errors were encountered:
This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.
lockbot
locked as resolved and limited conversation to collaborators
Nov 23, 2018
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Ticket: https://help.octopus.com/t/users-role-is-not-filtering-accessible-deployment-targets-based-on-tenant/19298/8
Why
Currently there is no restriction on machines that based on the scoped tenants, the restriction only apply on scoped environments
What can we do?
Apply the restrictions to machines based on scoped tenant. Check the filter logic in this class
InaccessibleVariablesWillBeRemovedRuleThe complication
Deployment target tenant setting can be
Untenanted,Tenanted or UntenantedandTenantedIt is bad
Did a test that user scoped to 1 tenant
T1Project connected to tenants
T1,T2andT3Deployment can only be made to
T1Thought that the user cannot deploy to the tenants that he does not have permission, but it does not prevent from other users from doing the deployment.
The impact: User can scope a variable to a machine that he is not allowed to with malicious value. He can then wait for another user with enough permission to deploy a release. malicious value will then get deployed to production.
The text was updated successfully, but these errors were encountered: