You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If Helm Chart, Kubernetes Cluster and version: RKE2
Proxy/Cert Details: No proxy, Lets Encrypt certs.
Information about the Cluster
Kubernetes version: 1.27.9
Cluster Type (Local/Downstream): Upstream
If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider): Infrastructure Provider (VMware) for the downstream clusters.
User Information
What is the role of the user logged in? Project Owner + more
If custom, define the set of permissions: Also added projectroletemplatebindings-view and projectroletemplatebindings-manage roles for good measure.
Describe the bug
A user who is a project owner of the debug namespace cannot manage members for that namespace. In the description of the project owner role, it says "Owners have full control over the Project and all resources inside it." which I think indicates that they should be able to manage project membership.
But just in case I'm not understanding it correctly, I also went ahead add added the "Manage Project Members" and "View Project Members" roles too. That also has no effect, as far as I can tell.
To Reproduce
Let an admin create a project and add user foo to that project.
Log in as user foo and go to cluster explorer and select "Projects/Namespaces".
Result
Notice how there is no "Cluster and Project Members" menu option in the right-hand-side menu and no project members visible when editing the project.
Expected Result
Users that are Project Owners, or have the "Manage Project Members" role assigned to them, should be able to manage project members for that project.
Screenshots
Additional context
It's worth noting that the user I'm logged in comes from an Active Directory, so not a pure "local" user. But it should work in any case!
As @lindhe mentioned, we are having the exact same problem with Rancher 2.8.2. Project owners are unable to view/manage project members. We tried explicitly adding the view project members and manage project members to a user account with the same results as Andreas.
Rancher Server Setup
Information about the Cluster
User Information
projectroletemplatebindings-view
andprojectroletemplatebindings-manage
roles for good measure.Describe the bug
A user who is a project owner of the
debug
namespace cannot manage members for that namespace. In the description of the project owner role, it says "Owners have full control over the Project and all resources inside it." which I think indicates that they should be able to manage project membership.But just in case I'm not understanding it correctly, I also went ahead add added the "Manage Project Members" and "View Project Members" roles too. That also has no effect, as far as I can tell.
To Reproduce
foo
to that project.foo
and go to cluster explorer and select "Projects/Namespaces".Result
Notice how there is no "Cluster and Project Members" menu option in the right-hand-side menu and no project members visible when editing the project.
Expected Result
Users that are Project Owners, or have the "Manage Project Members" role assigned to them, should be able to manage project members for that project.
Screenshots
Additional context
It's worth noting that the user I'm logged in comes from an Active Directory, so not a pure "local" user. But it should work in any case!
Here are the relevant docs: https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles#project-roles
I'm not the only one confused about this:
The text was updated successfully, but these errors were encountered: