docs: decision about logs RBAC enforcement in release notes for 2.4

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
argoproj · Sep 9, 2022 · 1a528dd · 1a528dd
1 parent ed9cddb
commit 1a528dd
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/docs/operator-manual/upgrading/2.3-2.4.md b/docs/operator-manual/upgrading/2.3-2.4.md
@@ -119,8 +119,14 @@ p, role:org-admin, gpgkeys, create, my-proj/*, allow
 ## Enable logs RBAC enforcement
 
 2.4 introduced `logs` as a new RBAC resource. In 2.3, users with `applications, get` access automatically get logs
-access. In 2.5, you will have to explicitly grant `logs, get` access. Logs RBAC enforcement can be enabled with a flag
-in 2.4. We recommend enabling the flag now for an easier upgrade experience in 2.5.
+access. <del>In 2.5, you will have to explicitly grant `logs, get` access. Logs RBAC enforcement can be enabled with a flag
+in 2.4. We recommend enabling the flag now for an easier upgrade experience in 2.5.</del> 
+
+!!! important 
+    Logs RBAC enforcement **will not** be enabled by default in 2.5. This decision 
+    [was made](https://github.com/argoproj/argo-cd/issues/10551#issuecomment-1242303457) to avoid breaking logs access 
+    under [Project Roles](../../user-guide/projects.md#project-roles), which do not provide a mechanism to grant `logs`
+    resource access.
 
 To enabled logs RBAC enforcement, add this to your argocd-cm ConfigMap: