cnweaver
commented
1 month ago There are at least two distinct bugs here:
- If a
CredentialKafkaPermissionwithoperation==Allexists, the manage_credential page incorrectly displays it as having neither read nor write permission, and it is unclear how to alter it (or whether there is any working way to do so). - If an admin uses the manage_credential page and attempts to alter permission settings on another user's credential, whether those changes are valid is incorrectly checked based on the admin's permissions (permissions granted to groups of which the admin is a member), rather than the target user's permissions
cmccully
In at least one instance, a user who belongs to a group (and is even a group owner) cannot grant read and write permissions to that group's topics to a credential. Symptoms are that the web UI allows the relevant check boxes to be checked, but the changes vanish later, e.g. when reloading the credential management page. This suggests that the permission is not actually being stored in the backing database. The same problems occur hen an admin tries to add the permissions on the user's behalf.