From e6a217069ca23f54e39114e086a956d2fb6312c6 Mon Sep 17 00:00:00 2001 From: Nizamudeen A Date: Tue, 6 Apr 2021 21:24:51 +0530 Subject: [PATCH] mgr/dashboard: Revoke read-only user's access to Manager modules This will disable read only user to read/open Manager Modules page in Ceph Dashboard where some of the security related informations are shown. Fixes: https://tracker.ceph.com/issues/50174 Signed-off-by: Nizamudeen A (cherry picked from commit fb607f1561371340d2c9d4e16c4eaceb365fd926) Conflicts: src/pybind/mgr/dashboard/services/access_control.py - Some of the changes are not backported because those features are not implemented on nautilus. So I left them as it is --- src/pybind/mgr/dashboard/services/access_control.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py index 4a09991a9e6..64d1e7967c5 100644 --- a/src/pybind/mgr/dashboard/services/access_control.py +++ b/src/pybind/mgr/dashboard/services/access_control.py @@ -114,7 +114,7 @@ ADMIN_ROLE = Role('administrator', 'Administrator', { # read-only role provides read-only permission for all scopes READ_ONLY_ROLE = Role('read-only', 'Read-Only', { scope_name: [_P.READ] for scope_name in Scope.all_scopes() - if scope_name != Scope.DASHBOARD_SETTINGS + if scope_name not in (Scope.DASHBOARD_SETTINGS, Scope.CONFIG_OPT) }) -- 2.47.3