Closed huwshimi closed 5 months ago
Thank you for reporting us your feedback!
The internal ticket has been created: https://warthogs.atlassian.net/browse/IAM-845.
This message was autogenerated
dug a bit
issue is we didn't set up the superusers (`privileged`) properly
what needs to happen is that for each type (`role`, `group`, `client`...) we need to create an association via `privileged` for the `<type>:global` tuple
- user: privileged:<privileged user>
  relation: privileged
  object: role:global
- user: privileged:<privileged user>
  relation: privileged
  object: client:global
added extra tuples to the wiki page
#### privileged permissions
- user: privileged:superuser
  relation: privileged
  object: provider:global
- user: privileged:superuser
  relation: privileged
  object: role:global
- user: privileged:superuser
  relation: privileged
  object: group:global
- user: privileged:superuser
  relation: privileged
  object: client:global
- user: privileged:superuser
  relation: privileged
  object: identity:global
- user: privileged:superuser
  relation: privileged
  object: scheme:global
issue will be addressed in the short term at seeding time, when we create a model we will add these tuples as a start and choose the name of the `privileged` type
a new issue will be created for this, @BarcoMasile is on it
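
A check for the gap described in this thread, as an added example that is not part of the original thread or the project's code: it parses tuples in the layout shown above and lists the `<type>:global` `privileged` tuples still missing for a given privileged user. The sample seed list and the `can_view` relation in it are constructed for illustration.

```python
# Added example: audit a tuple list for the privileged <type>:global tuples.
# TYPES mirrors the objects listed under "privileged permissions" in the thread.
TYPES = ["provider", "role", "group", "client", "identity", "scheme"]

# Constructed sample: only two types are covered; role:global has the wrong relation.
SEEDED = """\
- user: privileged:superuser
  relation: privileged
  object: provider:global
- user: privileged:superuser
  relation: privileged
  object: identity:global
- user: privileged:superuser
  relation: can_view
  object: role:global
"""

def parse_tuples(text):
    """Parse '- user: / relation: / object:' entries into (user, relation, object)."""
    items, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):          # a new list item starts a new tuple
            current = {}
            items.append(current)
            line = line[2:].strip()
        if current is None:
            raise ValueError(f"field outside a list item: {raw!r}")
        key, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            raise ValueError(f"expected 'key: value': {raw!r}")
        current[key.strip()] = value.strip()
    return [(t["user"], t["relation"], t["object"]) for t in items]

def missing_privileged(tuples, privileged_user, types=TYPES):
    """Return the privileged tuples on <type>:global that are not present."""
    have = set(tuples)
    wanted = [(privileged_user, "privileged", f"{t}:global") for t in types]
    return [w for w in wanted if w not in have]

def to_yaml(tuples):
    """Render tuples back into the layout used in the thread."""
    return "".join(f"- user: {u}\n  relation: {r}\n  object: {o}\n" for u, r, o in tuples)

if __name__ == "__main__":
    print(to_yaml(missing_privileged(parse_tuples(SEEDED), "privileged:superuser")), end="")
```
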
This may be user error, but when I try to create a role or a group (e.g. POST to `/api/v0/groups` with `{id: "newgroup"}`) I get a 403 response:

I only started getting this error once I enabled authorisation in my configmap.
I'm setting the auth header to the superuser "johndoe" (see tuples below): X-Authorization: am9obmRvZQ==
The tuples are set to the same values as the seeding doc.
My model is: