Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Business Edition - 403 forbidden when 'Environment Administrator' tries to re-create any container #11744

Closed
2 tasks done
zyuhel opened this issue Apr 30, 2024 · 6 comments
Closed
2 tasks done

Business Edition - 403 forbidden when 'Environment Administrator' tries to re-create any container #11744

zyuhel opened this issue Apr 30, 2024 · 6 comments
Assignees
@jamescarppe
Labels
bug/confirmed internal/jira kind/bug Applied to Bugs

Comments

@zyuhel
Copy link

zyuhel commented Apr 30, 2024

Before you start please confirm the following.

Problem Description

Users that have the Environment Administrator role are unable to recreate containers. Although can create/start/stop/delete any container.
This problem is on containers that were created by other users and also for containers created by this user.

Expected Behavior

Users have re-create button for containers and they should be able to re-create it.

Actual Behavior

It shows 403 error, and doesn't do anything. Nothing in logs.

Steps to Reproduce

  1. Use the Portainer GUI
  2. Login with Environment Administrator
  3. Select any running container
  4. Try to re-create container (either with re-pull image or not)
  5. See the error.

Portainer logs or screenshots

image

Portainer version

2.19.5

Portainer Edition

Business Edition (BE/EE) with 5NF / 3NF license

Platform and Version

Docker 25.0.3

OS and Architecture

Ubuntu 22.04.3 LTS, AMD64

Browser

Google Chrome 124.0

What command did you use to deploy Portainer?

docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest

Additional Information

I use custom registry for container sources and disabled docker hub registry for non admin users.
@jamescarppe
Copy link
Member

Thanks for this - I've been able to reproduce this here and have opened an internal issue.

Internal Ref: EE-7073

@jamescarppe jamescarppe self-assigned this May 7, 2024
@pcarranza-taag
Copy link

For those who have this problem and need to recreate the container, they can enable the webhook inside the container to execute the container recreation remotely.

@zyuhel
Copy link
Author

zyuhel commented Sep 5, 2024

@jamescarppe , Any information about the time it would take to fix this issue? Or the ACL won't correctly work in near future?

@jamescarppe
Copy link
Member

My understanding is that this should have been fixed in 2.21.0 - are you able to update and confirm this?

@zyuhel
Copy link
Author

zyuhel commented Sep 18, 2024

I would make a bit more testing, but it seems to be fine with 2.21.1

@jamescarppe
Copy link
Member

As we included a fix for this in 2.21.0 and have had no further reports of issues, I'm closing this issue as completed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jamescarppe jamescarppe

Labels
bug/confirmed internal/jira kind/bug Applied to Bugs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zyuhel @jamescarppe @pcarranza-taag