Bug
Resolution: Unresolved
Medium
Using Netconf version 5.0.0, which includes aaa version 0.17.2.
A user who is assigned a policy to perform only the 'GET' operation is also able to perform the 'PUT' operation.
Step 1: Creation of user.
curl --user admin:admin --request POST 'http://<controller_IP>:8181/auth/v1/users' \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  --data '{
    "name": "abc",
    "description": "User to perform only read operation",
    "enabled": 1,
    "email": "abc@xyz.com",
    "password": "abc@123",
    "domainid": "sdn"
  }'
Step 2: Assigning role to the user
curl --user admin:admin --request POST 'http://<controller_IP>:8181/auth/v1/domains/sdn/users/abc@sdn/roles' \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  --data '{
    "roleid": "read_only@sdn",
    "domainid": "sdn"
  }'
Step 3: Assigning policy to the role
{
  "aaa:policies": [
    {
      "aaa:resource": "/rests/data/network-topology:network-topology/topology=topology-netconf/node=node_id/**",
      "aaa:permissions": [
      ]
    }
  ]
}
Summary: The user is authorized to perform the 'GET' operation only, but is allowed to perform the 'PUT' operation as well.
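
A check for the behaviour reported above, as an added example that is not part of the original report: it sends GET and PUT as the read-only user and flags any PUT answer other than 401 or 403. CONTROLLER_IP, NODE_ID, the empty probe body and the 401/403 convention are assumptions, not values from the report.

```shell
# Added example, not from the report. CONTROLLER_IP and NODE_ID are supplied by
# the operator; abc / abc@123 is the read-only user created in Step 1.
RO_USER=${RO_USER:-abc}
RO_PASS=${RO_PASS:-abc@123}
BASE='/rests/data/network-topology:network-topology/topology=topology-netconf'

# http_status METHOD URL: print the status code the read-only user receives.
# The PUT body is a constructed empty object; point the check at a lab node.
http_status() {
    if [ "$1" = GET ]; then
        curl -s -o /dev/null -w '%{http_code}' --user "$RO_USER:$RO_PASS" \
            --request GET --header 'Accept: application/json' "$2"
    else
        curl -s -o /dev/null -w '%{http_code}' --user "$RO_USER:$RO_PASS" \
            --request "$1" --header 'Content-Type: application/json' \
            --data '{}' "$2"
    fi
}

# classify METHOD STATUS: print ok, read-failed, write-allowed or no-response.
# Assumption: a denied request is answered with 401 or 403. Any other status on
# a write (2xx, but also 400, 404, 409) means it got past the authorization check.
classify() {
    case "$1:$2" in
        *:000)       echo no-response ;;   # curl could not reach the controller
        GET:2??)     echo ok ;;            # the read the policy is meant to grant
        GET:*)       echo read-failed ;;
        *:401|*:403) echo ok ;;            # write denied, as intended
        *)           echo write-allowed ;;
    esac
}

# check_read_only URL: probe GET and PUT, print one line per method, return 1
# unless every verdict is ok.
check_read_only() {
    rc=0
    for method in GET PUT; do
        status=$(http_status "$method" "$1")
        verdict=$(classify "$method" "$status")
        echo "$method $status $verdict"
        [ "$verdict" = ok ] || rc=1
    done
    return $rc
}

# Runs only when a controller address is given in the environment.
if [ -n "${CONTROLLER_IP:-}" ]; then
    check_read_only "http://$CONTROLLER_IP:8181$BASE/node=${NODE_ID:?set NODE_ID}"
fi
```

Run it as `CONTROLLER_IP=<controller_IP> NODE_ID=node_id sh check.sh`; a non-zero exit status with a `write-allowed` line corresponds to the behaviour described in the summary.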