yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #33693
[Bug 1464652] Re: loss of privileges of current admin user
This is by design on the keystone side. As a consequence of a reducing a
user's current authorization, relevant tokens are revoked and the user
must subsequently re-authenticate.
If horizon stored an unscoped token along with the active scoped token,
it could re-authenticate for another scoped token transparently to the
end user. Because I've seen this reported a couple times over the years,
I'm going to punt to Horizon this time :)
** Also affects: horizon
Importance: Undecided
Status: New
** Changed in: keystone
Status: New => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1464652
Title:
loss of privileges of current admin user
Status in OpenStack Dashboard (Horizon):
New
Status in OpenStack Identity (Keystone):
Won't Fix
Bug description:
When I'm logged into openstack as the "admin" user into a project.
I created a new project and added "admin" user to it and saved. Again I removed user "admin" from the same project and saved. Then he ("admin" user) looses all his admin privileges from the current session. He can't see any projects or users. We will have to log in again to re-gain the admin privileges.
In detail:
1. Log in as user "admin"
2. Select "Current Project = admin", "View = admin"
3. Click "Projects"
4. Click "+ Create Project"
5. Name: "test", Description: "", Enabled: checked
6. Project Members: click the "+" for "admin", now the admin user is added
with the "_member_" role
7. Click "Create Project" to close the dialog window
8. In the column of project "test", click on "Modify Users"
9. Click on the "-" for the "admin" user to remove her
10. Click "Save"
11. An error pops up, "Error: Unauthorized: Unable to retrieve project list."
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1464652/+subscriptions
References