You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Creating a stack outside of Portainer (i.e. compose.yaml file on the host machine) creates a default stack with access control limited to administrators.
When a non-admin user is logged in, the images being used for the default stack (with admin privileges ) are displayed as "Unused"
Expected Behavior
Non-admin user should not even be able to see the images being used by containers with elevated privileges.
Actual Behavior
All the images are displayed for the non-admin user. Makes the user "Think" they can safely delete them.
Steps to Reproduce
Create Portainer via docker compose.yaml on host machine.
Login to Portainer as Admin user.
Configure LDAP authentication.
Create a team "XYZ" that corresponds to group "XYZ" in Active Directory.
Under "Environments > Groups" click "manage access" for the default "docker" group.
Select "XYZ" team in the "Create access" tab and add it to the environment group.
Under "Stacks", the default stack "srv" created outside of portainer should only be accessible to administrators. For a stack created inside Portainer, modify the access control by "changing ownership" to "XYZ" team.
Before logging out as Admin, Click images and observe. Images being used by the default stack "srv" should show in use.
We have confirmed this bug in version 2.19.5. This was patched in our 2.20.x release, which no longer has the incorrect label of "unused" on images. Upgrading to 2.20.3, which is our latest STS release, will resolve this for you.
Before you start please confirm the following.
Problem Description
Creating a stack outside of Portainer (i.e.
compose.yaml
file on the host machine) creates a default stack with access control limited to administrators.When a non-admin user is logged in, the images being used for the default stack (with admin privileges ) are displayed as "Unused"
Expected Behavior
Non-admin user should not even be able to see the images being used by containers with elevated privileges.
Actual Behavior
All the images are displayed for the non-admin user. Makes the user "Think" they can safely delete them.
Steps to Reproduce
Portainer logs or screenshots
No response
Portainer version
2.19.5
Portainer Edition
Community Edition (CE)
Platform and Version
Docker 26.1.3
OS and Architecture
CentOS Stream 8
Browser
Safari v17.5
What command did you use to deploy Portainer?
Additional Information
Using LDAP authentication to poll Active Directory. User and Group searches are configured that correspond to "Teams" created in Portainer.
The text was updated successfully, but these errors were encountered: