Currently, when no role is applied to a user in generic OAuth configuration, the user is authorized as a Viewer or the role specified by the 'auto_assign_org_role' option.
The 'role_attribute_strict' configuration option, which denies user access if no role or an invalid role is returned, was introduced in Grafana 8.x.
Is there a possibility to add this feature for security purposes?
I am sorry. We are currently not planning to backport that configuration option.
If this changes, we will reopen this issue. I ask for your understanding here.
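For reference, an added configuration sketch (not from the issue or from the Grafana project) showing the behaviour discussed above on a version that has the option. The group names are constructed placeholders, and the `groups` claim is an assumption about what the OAuth provider returns.

```ini
# Constructed example; group names are placeholders.
[users]
# Fallback role applied when the provider returns no role and strict mode is off.
auto_assign_org_role = Viewer

[auth.generic_oauth]
enabled = true
# JMESPath expression evaluated over the provider's user data.
# There is deliberately no trailing "|| 'Viewer'" fallback: a user in
# neither group yields an empty role.
role_attribute_path = contains(groups[*], 'grafana-admins') && 'Admin' || contains(groups[*], 'grafana-editors') && 'Editor'
# With strict mode on, an empty or invalid role denies the login
# instead of falling back to auto_assign_org_role.
role_attribute_strict = true
```

A catch-all fallback at the end of `role_attribute_path` would always return a valid role, so strict mode would never deny anyone.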