apache / cloudstack

Apache CloudStack is an opensource Infrastructure as a Service (IaaS) cloud computing platform
https://cloudstack.apache.org/
Apache License 2.0

ACS 4.19.1 | Full Network List visible for Domain Admin #9456

Closed midhunpjos closed 2 months ago

midhunpjos commented 3 months ago
ISSUE TYPE
COMPONENT NAME
API, UI
CLOUDSTACK VERSION
4.19.1
CONFIGURATION
4.19.1
Advanced Zone / Without Security Groups
Hypervisor : XCP-ng
OS / ENVIRONMENT
Ubuntu 20.04
SUMMARY
STEPS TO REPRODUCE
Log in to the CloudStack UI using Domain Admin credentials.
The Domain Admin is able to see Networks that belong to other Domains.
EXPECTED RESULTS
The Domain Admin should see only Networks belonging to his Domain.
ACTUAL RESULTS
The Domain Admin is able to see Networks that belong to other Domains.

Note: He cannot perform any account actions on other domain accounts
![Untitled](https://github.com/user-attachments/assets/fcd97b35-ebfb-4c6e-9ad4-88f994e15c33)
nvazquez commented 3 months ago

Thanks @midhunpjos - I tested 4.19.0 as well and couldn't reproduce the issue. I can reproduce it on 4.19.1.

nvazquez commented 3 months ago

Confirmed on 4.19.1:

winterhazel commented 3 months ago

Adding to @nvazquez's comment that this is not exclusive to domain admins: normal users are able to see networks that belong to other domains and that they should not have access to by using the "shared" filter.

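The two reports above (a domain admin listing networks of other domains, and a normal user reaching them through the "shared" filter) can be checked from the API rather than the UI. The script below is an added example for this issue, not code from the CloudStack project or from any commenter. It assumes the documented CloudStack request signing (HMAC-SHA1 over the sorted, lower-cased query string, base64-encoded) and the documented `listDomains` / `listNetworks` response fields (`id`, `domainid`, `acltype`); the endpoint, keys and sample responses are constructed for illustration. It runs `listDomains` and `listNetworks` as the account under test and reports every network owned by a domain the caller cannot see. Account-scoped networks from an outside domain are definite leaks; Domain-scoped (shared) ones are reported for review, because a parent domain's shared network with subdomain access is legitimately visible and the subtree returned by `listDomains` cannot distinguish an ancestor from a sibling domain.

```python
"""Audit listNetworks visibility for a domain admin or normal user.

Added example for this issue, not code from the CloudStack project. Assumes the
documented CloudStack API signing (HMAC-SHA1 over the sorted, lower-cased query
string, base64-encoded) and the documented listDomains / listNetworks response
fields. Endpoint, keys and the sample data below are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
import os
import urllib.parse
import urllib.request


def _encode(value) -> str:
    # Mirror Java's URLEncoder, which CloudStack uses server-side when it recomputes
    # the signature: '*' stays literal, '~' is escaped, spaces become %20 not '+'.
    return urllib.parse.quote(str(value), safe="*").replace("~", "%7E")


def signature_base(params: dict) -> str:
    """Canonical string that gets signed: name=value pairs sorted by name, lower-cased."""
    return "&".join(f"{k}={_encode(v)}" for k, v in sorted(params.items())).lower()


def sign_query(params: dict, api_key: str, secret_key: str) -> str:
    """Return the full query string for a CloudStack API call, signature included."""
    p = dict(params, apikey=api_key, response="json")
    digest = hmac.new(secret_key.encode(), signature_base(p).encode(), hashlib.sha1).digest()
    signature = base64.b64encode(digest).decode()
    return "&".join(f"{k}={_encode(v)}" for k, v in p.items()) + "&signature=" + _encode(signature)


def call_api(endpoint: str, api_key: str, secret_key: str, command: str, **params) -> dict:
    """Issue one signed GET request and decode the JSON response."""
    query = sign_query(dict(params, command=command), api_key, secret_key)
    with urllib.request.urlopen(f"{endpoint}?{query}") as resp:
        return json.load(resp)


def visible_domain_ids(list_domains_response: dict) -> set:
    """listDomains, called by a domain admin or user, returns only the caller's own subtree."""
    domains = list_domains_response.get("listdomainsresponse", {}).get("domain", [])
    return {d["id"] for d in domains}


def audit_networks(list_networks_response: dict, allowed: set):
    """Split listNetworks results into definite leaks and entries that need review.

    An Account-scoped network owned by a domain outside the caller's subtree can never
    be legitimately visible, so it is a leak. A Domain-scoped (shared) network from an
    outside domain may be an ancestor's network with subdomain access, so it is only
    reported for review.
    """
    networks = list_networks_response.get("listnetworksresponse", {}).get("network", [])
    leaks, review = [], []
    for net in networks:
        if net.get("domainid") in allowed:
            continue
        (review if net.get("acltype") == "Domain" else leaks).append(net)
    return leaks, review


# Constructed sample responses: the caller is a domain admin of ROOT/acme.
SAMPLE_DOMAINS = {"listdomainsresponse": {"count": 2, "domain": [
    {"id": "d-acme", "name": "acme", "path": "ROOT/acme"},
    {"id": "d-acme-dev", "name": "dev", "path": "ROOT/acme/dev"},
]}}
SAMPLE_NETWORKS = {"listnetworksresponse": {"count": 4, "network": [
    {"id": "n1", "name": "acme-iso", "type": "Isolated", "acltype": "Account", "domainid": "d-acme"},
    {"id": "n2", "name": "dev-iso", "type": "Isolated", "acltype": "Account", "domainid": "d-acme-dev"},
    {"id": "n3", "name": "other-iso", "type": "Isolated", "acltype": "Account", "domainid": "d-other"},
    {"id": "n4", "name": "root-shared", "type": "Shared", "acltype": "Domain", "domainid": "d-root"},
]}}

if __name__ == "__main__":
    endpoint, key, secret = (os.environ.get(v) for v in ("CS_ENDPOINT", "CS_API_KEY", "CS_SECRET_KEY"))
    if endpoint and key and secret:
        domains = call_api(endpoint, key, secret, "listDomains", listall="true")
        nets = call_api(endpoint, key, secret, "listNetworks", listall="true")
    else:
        domains, nets = SAMPLE_DOMAINS, SAMPLE_NETWORKS  # offline run on the constructed sample
    leaks, review = audit_networks(nets, visible_domain_ids(domains))
    for net in leaks:
        print(f"LEAK   {net['id']} {net['name']} (domainid={net['domainid']})")
    for net in review:
        print(f"REVIEW {net['id']} {net['name']} (domainid={net['domainid']}, acltype=Domain)")
```

Run it with the API key and secret of the domain admin or user under test (`CS_ENDPOINT`, `CS_API_KEY`, `CS_SECRET_KEY` are names chosen for this example). On an unaffected build the `LEAK` list is empty; on the sample data it reports `n3`, an account-scoped network of an unrelated domain, and lists the ROOT shared network `n4` for manual review.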
rohityadavcloud commented 3 months ago

@nvazquez @winterhazel thanks for the investigation and comments; Fair to say we’ve established it only affects 4.19.1, while we work on this - suggested workaround is for users to downgrade or not upgrade to 4.19.1.0.

cc @JoaoJandre @weizhouapache @shwstppr @sureshanaparti @harikrishna-patnala @DaanHoogland @borisstoyanov and others

winterhazel commented 3 months ago

Hey everyone, I sent a PR to fix this issue in https://github.com/apache/cloudstack/pull/9461, could you guys take a look and tell me what you think?

rohityadavcloud commented 2 months ago

Closing as the issue was reverted, confirmed by @shwstppr