ACS 4.19.1 | Full Network List visible for Domain Admin #9456

Closed
midhunpjos opened this issue Jul 26, 2024 · 6 comments

@midhunpjos

ISSUE TYPE
  • Bug Report
COMPONENT NAME
API, UI
CLOUDSTACK VERSION
4.19.1
CONFIGURATION
4.19.1
Advanced Zone / Without Security Groups
Hypervisor : XCP-ng
OS / ENVIRONMENT
Ubuntu 20.04
SUMMARY
STEPS TO REPRODUCE
Log in to the CloudStack UI using Domain Admin credentials
Domain Admin is able to see Networks that belong to other Domains
EXPECTED RESULTS
Domain Admin Should See Only Networks Belonging to His Domain
ACTUAL RESULTS
Domain Admin is able to see Networks that belong to other Domains.

Note: He cannot perform any account actions on other domain accounts
![Untitled](https://github.com/user-attachments/assets/fcd97b35-ebfb-4c6e-9ad4-88f994e15c33)

@nvazquez
Contributor

Thanks @midhunpjos - I tested 4.19.0 as well and couldn't reproduce the issue. I can reproduce it on 4.19.1

@nvazquez
Contributor

nvazquez commented Jul 26, 2024

Confirmed on 4.19.1:

  • Domain admins from a domain can see other domain networks
  • Users from a domain cannot see other domain networks

@winterhazel
Collaborator

winterhazel commented Jul 27, 2024

Adding to @nvazquez's comment that this is not exclusive to domain admins: normal users are able to see networks that belong to other domains and that they should not have access to by using the "shared" filter.

@rohityadavcloud
Member

@nvazquez @winterhazel thanks for the investigation and comments. Fair to say we’ve established it only affects 4.19.1. While we work on this, the suggested workaround is for users to downgrade or not upgrade to 4.19.1.0.

cc @JoaoJandre @weizhouapache @shwstppr @sureshanaparti @harikrishna-patnala @DaanHoogland @borisstoyanov and others

@winterhazel
Collaborator

Hey everyone, I sent a PR to fix this issue in #9461, could you guys take a look and tell me what you think?

@rohityadavcloud
Member

Closing as the issue was reverted, confirmed by @shwstppr
