Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not show nodes if user does not have access to them #1954

Closed
klizhentas opened this issue May 10, 2018 · 1 comment
Closed

Do not show nodes if user does not have access to them #1954

klizhentas opened this issue May 10, 2018 · 1 comment
Assignees
@russjones
Milestone
3.0.0 "San Antonio"

Comments

@klizhentas
Copy link
Contributor

klizhentas commented May 10, 2018
edited
Loading

Description

Teleport RBAC can prohibit access to nodes by label, however tsh ls still shows them. Exclude the nodes that user does not have access to by filtering out those nodes in

auth_with_roles.go and applying RBAC attempt to every node in the list.

Expected outcome

tsh ls and UI and any API should not show nodes if user is denied access to them.

Some details

Teleport roles allow to connect as certain user but not another, make sure the node is not shown if user is not allowed to connect as any user.
@klizhentas klizhentas added this to the 2.6.1 "New Braunfels" milestone May 10, 2018
@aberoham
Copy link
Contributor

aberoham commented May 10, 2018
edited
Loading

Related ask from a Teleport Enterprise customer, see #1862 ("hide Login As button if role lacks login permissions")

@russjones russjones modified the milestones: 2.6.1 "New Braunfels", 2.7.0 "San Antonio" May 22, 2018
@aberoham aberoham mentioned this issue Aug 14, 2018
Closed
@russjones russjones mentioned this issue Aug 15, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@russjones russjones

Labels
None yet
Projects
None yet
Milestone
3.0.0 "San Antonio"
Development

No branches or pull requests
3 participants
@klizhentas @aberoham @russjones