MAAS

RBAC Admin/Operator can delete machines

Bug #1811796 reported by Björn Tillenius on 2019-01-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MAAS	Triaged	Medium	Unassigned	MAAS 3.4.x

Bug Description

This is with MAAS 2.5.1-7489-g2f25a2cc0-0ubuntu1~18.04.1 and RBAC enabled.

I have user that is Admin/Operator on a resource pool, but not a global admin.

He is allowed to delete machines that are in that resource pool. I don't think
non-global admins should be able to delete machines, since they have no way
of re-adding them to the pool.

Also, in the UI, non-global admins can't delete machines.

Tags:

Björn Tillenius (bjornt) on 2019-01-15

Changed in maas:
status:	New → Triaged
importance:	Undecided → High
milestone:	none → 2.5.1
tags:	added: api rbac

Andres Rodriguez (andreserl) on 2019-01-16

Changed in maas:
status:	Triaged → Opinion
milestone:	2.5.1 → 2.5.2

Andres Rodriguez (andreserl) on 2019-02-21

Changed in maas:
milestone:	2.5.2 → 2.5.3

Andres Rodriguez (andreserl) on 2019-04-22

Changed in maas:
milestone:	2.5.3 → 2.6.0beta2

Andres Rodriguez (andreserl) on 2019-04-27

Changed in maas:
milestone:	2.6.0beta2 → 2.6.0rc1

Andres Rodriguez (andreserl) on 2019-05-28

Changed in maas:
milestone:	2.6.0rc1 → 2.6.0rc2

Andres Rodriguez (andreserl) on 2019-06-10

Changed in maas:
milestone:	2.6.0rc2 → 2.7.0alpha1

Alberto Donato (ack) on 2019-09-27

summary:	- [2.5, RBAC, API] Admin/Operator can delete machines + Admin/Operator can delete machines
Changed in maas:
status:	Opinion → Triaged

Adam Collard (adam-collard) on 2019-12-04

Changed in maas:
milestone:	2.7.0b1 → 2.7.0b2

Adam Collard (adam-collard) on 2019-12-18

Changed in maas:
milestone:	2.7.0b2 → none

Adam Collard (adam-collard) on 2022-09-01

summary:

- Admin/Operator can delete machines
+ RBAC Admin/Operator can delete machines

Jerzy Husakowski (jhusakowski) on 2023-03-31

Changed in maas:
importance:	High → Medium
milestone:	none → 3.4.0

Alberto Donato (ack) on 2023-06-29

Changed in maas:
milestone:	3.4.0 → 3.4.x

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.