Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packs are not listed in WEBUI for users with observer role #4063

Closed
SURAJTHEGREAT opened this issue Apr 5, 2018 · 4 comments · Fixed by #4064
Closed

Packs are not listed in WEBUI for users with observer role #4063

SURAJTHEGREAT opened this issue Apr 5, 2018 · 4 comments · Fixed by #4064
Assignees
@Kami
Milestone
2.7.0

Comments

@SURAJTHEGREAT
Copy link

SURAJTHEGREAT commented Apr 5, 2018
edited

Hi Team,

In stackstorm WebUI , page does not render on clicking packs tab by logged in user having observer role.

It highlighted the below error when checked in debug logs of browser
{ **"faultstring": "User \"arul\" doesn't have required permission \"pack_search\""** }

How can the permission pack_search be appended to observer role?

Is it possible to provide pack_search permission for all the packs as
--- name: "pack_search_role" description: "Role which grants pack_search permission to all packs" permission_grants: - resource_uid: "packs" permission_types: - "pack_search"

Is this a know issue?

Please look into this and advice. Also find screenshot for the same.
pack_search_error

Thanks,
Suraj S
@Kami
Copy link
Member

Kami commented Apr 5, 2018

Thanks for reporting this.

This looks like an oversight on our side - it makes sense for "observer" role to also grant PACK_SEARCH permission.

@Kami Kami added this to the 2.7.0 milestone Apr 5, 2018
@Kami Kami self-assigned this Apr 5, 2018
@SURAJTHEGREAT
Copy link
Author

@Kami Thanks for the quick reply..

Can you validate if we can create a role that provides permission for all packs

name: "pack_search_role"
description: "Role which grants pack_search permission to all packs"
permission_grants:
    -
        resource_uid: "packs"
        permission_types:
           - "pack_search"

@Kami Kami mentioned this issue Apr 5, 2018
Merged
@SURAJTHEGREAT SURAJTHEGREAT changed the title PACKS ARE NOT LISTED IN WEBUI FOR USERS WITH OBSERVER ROLE Packs are not listed in WEBUI for users with observer role Apr 5, 2018
@Kami Kami closed this as completed in #4064 Apr 5, 2018
@Kami
Copy link
Member

Kami commented Apr 5, 2018

@SURAJTHEGREAT Right now we don't support globs in resource_uid field and ability to grant permissions on all or a set of resources which match a particular glob.

This means you would need to explicitly grant pack_search permission on all the packs which are in the system.

So something like this:

...
    -
        resource_uid: "packs:pack1"
        permission_types:
           - "pack_search"
    -
        resource_uid: "packs:pack1"
        permission_types:
           - "pack_search"
....

Also, #4064 has been merged and will be included in the next release (v2.7.0).

@Kami Kami mentioned this issue Apr 5, 2018
Open
@Kami
Copy link
Member

Kami commented Apr 5, 2018

I opened an issue for ability to grant permission on all resources of a specific type - #4066.

This might still come handy in some scenarios even now that #4064 fix is in master.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Kami Kami

Labels
None yet
Projects
None yet
Milestone
2.7.0
Development

Successfully merging a pull request may close this issue.

Observer role should also grant "pack_search" view permission StackStorm/st2
2 participants
@Kami @SURAJTHEGREAT