Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Project owner cannot manage project members #45524

Open
lindhe opened this issue May 17, 2024 · 1 comment
Open

[BUG] Project owner cannot manage project members #45524

lindhe opened this issue May 17, 2024 · 1 comment
Labels
kind/bug Issues that are defects reported by users or that we know have reached a real release

Comments

@lindhe
Copy link

lindhe commented May 17, 2024

Rancher Server Setup

  • Rancher version: v2.8.1
  • Installation option (Docker install/Helm Chart): Helm chart
    • If Helm Chart, Kubernetes Cluster and version: RKE2
  • Proxy/Cert Details: No proxy, Lets Encrypt certs.

Information about the Cluster

  • Kubernetes version: 1.27.9
  • Cluster Type (Local/Downstream): Upstream
    • If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider): Infrastructure Provider (VMware) for the downstream clusters.

User Information

  • What is the role of the user logged in? Project Owner + more
    • If custom, define the set of permissions: Also added projectroletemplatebindings-view and projectroletemplatebindings-manage roles for good measure.

Describe the bug

A user who is a project owner of the debug namespace cannot manage members for that namespace. In the description of the project owner role, it says "Owners have full control over the Project and all resources inside it." which I think indicates that they should be able to manage project membership.

But just in case I'm not understanding it correctly, I also went ahead add added the "Manage Project Members" and "View Project Members" roles too. That also has no effect, as far as I can tell.

To Reproduce

  1. Let an admin create a project and add user foo to that project.
  2. Log in as user foo and go to cluster explorer and select "Projects/Namespaces".

Result

Notice how there is no "Cluster and Project Members" menu option in the right-hand-side menu and no project members visible when editing the project.

Expected Result

Users that are Project Owners, or have the "Manage Project Members" role assigned to them, should be able to manage project members for that project.

Screenshots

Manage and view project members
Screenshot 2024-05-17 082942
Screenshot 2024-05-17 082932

Additional context

It's worth noting that the user I'm logged in comes from an Active Directory, so not a pure "local" user. But it should work in any case!

Here are the relevant docs: https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles#project-roles

I'm not the only one confused about this:
@lindhe lindhe added the kind/bug Issues that are defects reported by users or that we know have reached a real release label May 17, 2024
@mbruno422
Copy link

As @lindhe mentioned, we are having the exact same problem with Rancher 2.8.2. Project owners are unable to view/manage project members. We tried explicitly adding the view project members and manage project members to a user account with the same results as Andreas.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Issues that are defects reported by users or that we know have reached a real release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lindhe @mbruno422