search

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0
17.38k stars 1.74k forks source link

No longer possible to completely hide the "Access Management" section of the UI #45537

Closed webvictim closed 1 month ago

webvictim commented 1 month ago

Expected behavior

The "Access Management" section of the Teleport web UI should be automatically hidden if you have no permissions to perform any admin actions inside the cluster.

As shown by the popularity of this discussion post showing how to hide Teleport's web UI sections, this is key functionality sought by Teleport administrators to make it easier for non-admin users to navigate the cluster.

Current behavior

Removing all permissions from a user still shows the Access Management section of the UI, with two active subheadings:

Enroll new resource

image

It is pointless to show this section to users when they have no permission for any of the resource adding flows.

Access lists

image

This page even tells you the reason why you can't see access lists, but then still shows them.

Modifying the web UI's ACLs so that these sections are not shown without appropriate permissions (or can at least be hidden by adding deny rules for specific RBAC resources) will help to make the UI less confusing for non-administrative users.

Bug details:

zmb3 commented 1 month ago

This is working as intended. Hiding sections of the UI is available to enterprise customers who meet certain requirements, the details of which are not appropriate in the OSS issue tracker.