Pool admins shouldn't be allowed to delete the pool
Bug #1812240 reported by
Björn Tillenius
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Triaged
|
Medium
|
Unassigned |
Bug Description
This is with MAAS 2.5.1-7489-
I have a user that has the Admin role on a single pool.
He's allowed to delete that pool, which he shouldn't.
Only users that have the Admin role in the 'all' resource pool scope
should be allowed to delete resource pools.
The reason is that you should always be allowed to undo something.
If you have permission to delete something, you should have permission
to recreate it.
This affects both the API and the UI.
Changed in maas: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → 2.5.1 |
tags: | added: rbac |
description: | updated |
Changed in maas: | |
milestone: | 2.5.1 → 2.5.2 |
status: | Triaged → Opinion |
Changed in maas: | |
milestone: | 2.5.2 → 2.5.3 |
Changed in maas: | |
milestone: | 2.5.3 → 2.6.0beta2 |
Changed in maas: | |
milestone: | 2.6.0beta2 → 2.6.0rc1 |
Changed in maas: | |
milestone: | 2.6.0rc1 → 2.6.0rc2 |
Changed in maas: | |
milestone: | 2.6.0rc2 → 2.7.0alpha1 |
Changed in maas: | |
status: | Opinion → Triaged |
Changed in maas: | |
milestone: | 2.7.0b1 → 2.7.0b2 |
Changed in maas: | |
milestone: | 2.7.0b2 → none |
summary: |
- [2.5, RBAC] Pool admins shouldn't be allowed to delete the pool + Pool admins shouldn't be allowed to delete the pool |
tags: | added: api |
Changed in maas: | |
importance: | High → Medium |
milestone: | none → 3.5.0 |
To post a comment you must log in.