
[BUG] CatalogAdmin cannot grant catalog roles to principal roles #359

Closed
@collado-mike

Description

Is this a possible security vulnerability?

  • This is NOT a possible security vulnerability

Describe the bug

The catalog_admin catalog role is intended to manage access privileges within a given catalog. The catalog_admin can create CatalogRoles and grant those roles privileges. However, as it stands, the catalog_admin cannot grant those CatalogRoles to PrincipalRoles.

The service_admin principal role manages Principals and PrincipalRoles, but is intended to be distinct from the catalog_admin in that the service_admin cannot grant privileges to catalog-level entities. This includes granting CatalogRoles to PrincipalRoles.

Thus, the only way to grant PrincipalRoles to catalog-level entities is for the service_admin to also be the catalog_admin for every catalog. This defeats the entire purpose of keeping these roles separate, which was to allow admins to separate responsibilities and prevent a single set of credentials from having the ability to access all data in any catalog within a realm.

To Reproduce

  1. As service_admin, create a Catalog and grant the catalog_admin role to another PrincipalRole
  2. As a member of this PrincipalRole, create a CatalogRole and attempt to grant it to a third PrincipalRole

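The two reproduction steps above, written out as a script against the Polaris management API. This is an added example, not code from the issue author or from the Polaris project: the API paths and JSON shapes in the request builders, the OAuth token endpoint, the `credentials.clientId`/`clientSecret` fields in the create-principal response, and the environment variable names are assumptions to be checked against the deployed spec; the catalog `sales`, principal roles `sales_admins` and `analysts`, principal `sales_admin_user` and catalog role `sales_reader` are constructed names. The script does not presume a particular HTTP status for the final grant; it returns whatever the server answers so the failure the report describes can be observed.

```python
"""Reproduction of the catalog_admin grant gap described in the issue.

Added example, not part of the issue or the Polaris code base. Assumes:
  - Polaris management API under /api/management/v1 (paths in the builders)
  - OAuth client-credentials token endpoint at /api/catalog/v1/oauth/tokens
  - service_admin credentials in SERVICE_ADMIN_CLIENT_ID / _SECRET
All entity names are constructed for the example.
"""
import json
import os
import urllib.error
import urllib.parse
import urllib.request

POLARIS_URL = os.environ.get("POLARIS_URL", "http://localhost:8181")
MGMT = "/api/management/v1"                  # assumed management API prefix
TOKEN_PATH = "/api/catalog/v1/oauth/tokens"  # assumed OAuth token endpoint


# --- request builders: pure functions returning (path, method, json_body) ---

def create_catalog(name, base_location):
    return (f"{MGMT}/catalogs", "POST", {"catalog": {
        "name": name, "type": "INTERNAL",
        "properties": {"default-base-location": base_location},
        "storageConfigInfo": {"storageType": "FILE",
                              "allowedLocations": [base_location]}}})


def create_principal_role(name):
    return (f"{MGMT}/principal-roles", "POST",
            {"principalRole": {"name": name}})


def create_principal(name):
    return (f"{MGMT}/principals", "POST", {"principal": {"name": name}})


def assign_principal_role(principal, principal_role):
    return (f"{MGMT}/principals/{principal}/principal-roles", "PUT",
            {"principalRole": {"name": principal_role}})


def create_catalog_role(catalog, name):
    return (f"{MGMT}/catalogs/{catalog}/catalog-roles", "POST",
            {"catalogRole": {"name": name}})


def grant_catalog_role(principal_role, catalog, catalog_role):
    # The operation the report says a catalog_admin cannot perform.
    return (f"{MGMT}/principal-roles/{principal_role}/catalog-roles/{catalog}",
            "PUT", {"catalogRole": {"name": catalog_role}})


# --- transport ---

def send(token, request):
    """Issue one management request; return (status, parsed body or None)."""
    path, method, body = request
    req = urllib.request.Request(
        POLARIS_URL + path, method=method, data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        return err.code, None


def get_token(client_id, client_secret):
    """Client-credentials exchange; urllib sends the form-encoded body."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": "PRINCIPAL_ROLE:ALL"}).encode()
    with urllib.request.urlopen(urllib.request.Request(
            POLARIS_URL + TOKEN_PATH, data=form, method="POST")) as resp:
        return json.load(resp)["access_token"]


def reproduce(service_admin_token):
    """Run steps 1 and 2 of the report; return the status of the final grant."""
    # Step 1 (as service_admin): catalog, two principal roles, a principal
    # holding sales_admins, and catalog_admin on "sales" granted to sales_admins.
    send(service_admin_token, create_catalog("sales", "file:///tmp/sales"))
    send(service_admin_token, create_principal_role("sales_admins"))
    send(service_admin_token, create_principal_role("analysts"))
    _, created = send(service_admin_token, create_principal("sales_admin_user"))
    send(service_admin_token, assign_principal_role("sales_admin_user", "sales_admins"))
    send(service_admin_token, grant_catalog_role("sales_admins", "sales", "catalog_admin"))

    # Step 2 (as a member of sales_admins): create a catalog role, then try to
    # grant it to the third principal role. Credential field names are assumed.
    creds = created["credentials"]
    admin_token = get_token(creds["clientId"], creds["clientSecret"])
    send(admin_token, create_catalog_role("sales", "sales_reader"))
    status, _ = send(admin_token, grant_catalog_role("analysts", "sales", "sales_reader"))
    return status


if __name__ == "__main__":
    tok = get_token(os.environ["SERVICE_ADMIN_CLIENT_ID"],
                    os.environ["SERVICE_ADMIN_CLIENT_SECRET"])
    print("catalog_admin granting sales_reader to analysts ->", reproduce(tok))
```

Run it with `POLARIS_URL` and the service_admin client credentials exported; the last line prints the HTTP status the server returns for the grant that the report says a catalog_admin cannot make. The request builders are kept separate from the transport so the exact path and body of each call can be inspected (or diffed against the spec) without a live server.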

Labels

bug