-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DYNAMIC RBAC User added to a cluster with "manage-cluster-members" is not able to modify users of the cluster. #11116
Comments
@sangeethah i think this should be an API issue. If we want to change the way a role functions I don't think that should be happening on the front end and this seems to be a permission error coming from the API not the UI. |
@westlywright to be clear, the role does exactly what it states: gives the permission to CRUD members of the cluster (POST/PUT/DELETE CRTBs). But the UI throws in a PUT to the cluster to update the name/description which has nothing to do with managing members and that is failing. Looks like this will be addressed as part of dynamic RBAC, wherein the API will remove the update link from the cluster and the UI will key off of its presence/absence to do the PUT. More details here: Will keep the discussion thread in that issue |
If you update the members from the members tab of a cluster, you will be able to manage cluster membership. The reason why it doesn't work in "Edit Cluster" is because you are trying to also edit the cluster, which you don't have permissions. |
When confirming that this use case is working, we should also test CLI to ensure that this use case in this issue is also fixed: #12892 |
Rancher versions: v2.0 built on jan23
Steps to reproduce the problem:
Create a cluster c1.
Create a project P1.
Add "user1" with "manage-cluster-member" option.
Log in as user1.
Try to edit cluster c1 and add a new user to the cluster.
This fails with
The request made by UI is edit cluster for which the user does not have access to fails:
We should be able to decouple the edit cluster action and add/edit member to cluster action.
The text was updated successfully, but these errors were encountered: