Release 2.29.0.0-b146: [PLAT-18841][PLAT-18818] Add stricter RBAC to continuous backup actions · yugabyte/yugabyte-db

2.29.0.0-b146
b6524e7
Choose a tag to compare

Filter

View all tags

2.29.0.0-b146: [PLAT-18841][PLAT-18818] Add stricter RBAC to continuous backup actions

2.29.0.0-b146
b6524e7
Choose a tag to compare

Filter

View all tags

Jethro-M tagged this 06 Nov 02:30

Summary:
Prior to this diff, all continuous/isolated YBA backup API requests only required `READ` access on `OTHER` resource.
We want to be stricter here.
In particular, restoring from a YBA backup is an extremely destructive operation that
can overwrite existing data. To prevent accidental or unauthorized use, this change restricts all create/edit backup & restore actions
to users with SUPER_ADMIN_ACTION permissions only.

On the UI side, this diff adds logic to read and verify that the user has sufficient permissions for performing continuous/isolated backup actions.

Test Plan:
Test continuous/isolated backup workflow with users who have different access levels.
Users who don't have SUPER_ADMIN_ACTION permission should not be allowed to restore YBA backups.
Verify the restrictions put in place by our RBAC implementation are as expected.

{F409070}
{F409071}
Read-only User
{F409072}
{F409073}

Reviewers: muthu, rmadhavan

Reviewed By: muthu

Subscribers: yugaware

Differential Revision: https://phorge.dev.yugabyte.com/D47813

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!