[db] default value for project_only allows non-secure access
Bug #1866951 reported by Goutham Pacha Ravi
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Shared File Systems Service (Manila) | Triaged | Low | Goutham Pacha Ravi |
Bug Description
In a multi-tenant environment, it is critical to have rule-based access control tightened around project resources. While fixing two security bugs around loose RBAC [1][2], it was suggested that a fix be made to the base "model_query" to tighten the default value for "project_only" [3]. Setting project_only to "True" by default might prevent further transgressions as resources and APIs continue to be built.
[1] https:/
[2] https:/
[3] https:/
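A simplified model of the concern described above, added here as an illustration and not taken from Manila's code: the same data-access helper omits `project_only`, and whether it leaks another tenant's row depends only on the query helper's default. `Context`, the `shares` table, `share_get` and both `model_query_*` variants are hypothetical names, and the rows are constructed sample data.

```python
import sqlite3
from collections import namedtuple

# Hypothetical request context: only the caller's project matters here.
Context = namedtuple("Context", "project_id")
COLUMNS = {"shares": ("id", "project_id", "name")}  # allowlisted identifiers


def make_db():
    """In-memory database holding constructed rows for two tenants."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE shares (id TEXT, project_id TEXT, name TEXT)")
    db.executemany("INSERT INTO shares VALUES (?, ?, ?)",
                   [("s1", "tenant-a", "a-data"), ("s2", "tenant-b", "b-data")])
    return db


def _query(db, context, table, project_only, filters):
    cols = COLUMNS[table]  # unknown tables raise KeyError
    if set(filters) - set(cols):
        raise ValueError("unknown filter column")
    if project_only:
        # Force the tenant scope, overriding any caller-supplied project_id.
        filters = {**filters, "project_id": context.project_id}
    where = " AND ".join(f"{col} = ?" for col in filters) or "1 = 1"
    sql = f"SELECT {', '.join(cols)} FROM {table} WHERE {where}"
    return db.execute(sql, tuple(filters.values())).fetchall()


def model_query_loose(db, context, table, project_only=False, **filters):
    """Loose default: tenant scoping happens only if the caller asks for it."""
    return _query(db, context, table, project_only, filters)


def model_query_strict(db, context, table, project_only=True, **filters):
    """Tight default: cross-project reads need an explicit project_only=False."""
    return _query(db, context, table, project_only, filters)


def share_get(model_query, db, context, share_id):
    """Data-access helper whose author forgot to pass project_only."""
    rows = model_query(db, context, "shares", id=share_id)
    return rows[0] if rows else None
```

With the tight default, a caller that legitimately needs cross-project results has to write `project_only=False`, which makes the exception visible in code review.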
Changed in manila:
assignee: nobody → Goutham Pacha Ravi (gouthamr)
Changed in manila:
importance: Medium → Low
Changed in manila:
status: New → Triaged
Additional comments http://eavesdrop.openstack.org/meetings/manila/2020/manila.2020-03-12-15.01.log.html