A user with the ALL_RESOURCES ACL can search for and reveal the existence of tenants even when they are not assigned to them.
Steps To Reproduce
Create a Principal within an lhCluster that has the ACL_ALL_RESOURCES ACL permission scoped to a specific tenant (example: test).
Create another tenant within the same lhCluster that the new Principal does not have access to.
Run a SearchTenant request as the Principal defined in Step 1.
BUG: Server returns both tenants, including the one the Principal is assigned to AND the one the Principal is not assigned to
Expected Behavior
A non-admin user with the ALL_RESOURCES permission that runs a SearchTenant request should only receive a list of the tenants they are assigned to. This is to protect the privacy of other tenants within the same cluster.
Context
A user with the
ALL_RESOURCES
ACL can search for and reveal the existence of tenants even when they are not assigned to them.Steps To Reproduce
lhCluster
that has theACL_ALL_RESOURCES
ACL permission scoped to a specific tenant (example: test).lhCluster
that the new Principal does not have access to.SearchTenant
request as the Principal defined in Step 1.Expected Behavior
A non-admin user with the
ALL_RESOURCES
permission that runs a SearchTenant request should only receive a list of the tenants they are assigned to. This is to protect the privacy of other tenants within the same cluster.Screenshots
No response
Additional Context
No response
Components
Server