Closed lzabo closed 4 years ago
This improves the permission checking. A user may have the logstore/xapi:managehistoric permission which really means view + manage. There are explicit logstore/xapi:viewerrorlog and logstore/xapi:manageerrors permissions. Would a user be assigned a role where the logstore/xapi:managehistoric permission is set without logstore/xapi:viewerrorlog?
This improves the permission checking. A user may have the logstore/xapi:managehistoric permission which really means view + manage. There are explicit logstore/xapi:viewerrorlog and logstore/xapi:manageerrors permissions. Would a user be assigned a role where the logstore/xapi:managehistoric permission is set without logstore/xapi:viewerrorlog?
Yes, going by the requirements this is entirely possible
Description
PR Type