kafka-ui icon indicating copy to clipboard operation
kafka-ui copied to clipboard
verified publisher icon provectus

[RBAC] Deny access to user with no permissions

Open BulatKha opened this issue 3 years ago • 8 comments

Might be taken into work after the #753

Which version of the app are you running?

5900f8e

Is your proposal related to a problem?

User, that can pass the authentication, gets to the page with no clusters on it. Which is a bit strange.

Describe the solution you'd like

User with no permissions on any cluster, should be declined access instead.

Describe alternatives you've considered

Separate page with "No permissions provided for the user! Contact your administrator for support" message

Additional context

BulatKha avatar Nov 16 '22 11:11 BulatKha

Hey @Haarolean I would like to take this up.

sarkarshuvojit avatar Apr 11 '23 15:04 sarkarshuvojit

I would need some help understanding how to replicate this issue. I will try to write whatever I understand, please correct me if I'm wrong.

In order for me to replicate the issue,

  1. I have to set up the project with RBAC enabled, will refer to this
  2. Create a user which has no permissions
  3. Try to open the dashboard

sarkarshuvojit avatar Apr 11 '23 16:04 sarkarshuvojit

@sarkarshuvojit yeah, basically, just log in as any user which will have no applicable subjects. Feel free to ping me on discord again if you encounter any problems with that.

Haarolean avatar Apr 12 '23 15:04 Haarolean

@sarkarshuvojit any updates?

Haarolean avatar May 31 '23 15:05 Haarolean

Any updates?

volodya953 avatar Sep 04 '24 13:09 volodya953

@volodya953 #4255 -> https://github.com/kafbat/kafka-ui

Haarolean avatar Sep 04 '24 13:09 Haarolean

@Haarolean Is this feature implemented there or do we need to recreate this topic?

volodya953 avatar Sep 04 '24 14:09 volodya953

@Haarolean Is this feature implemented there or do we need to recreate this topic?

No it's rather not. Please raise a new issue.

Haarolean avatar Sep 04 '24 15:09 Haarolean