https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/AAA-248 aaa <p>Using the Netconf version 5.0.0 and which includes aaa version 0.17.2.</p> <p>While user is assigned with a policy to perform only 'GET' operation is also able to perform 'PUT' operation.</p> <p>Step 1: Creation of user.</p> <p>curl --user admin:admin --request POST 'http://&lt;controller IP&gt;:8181/auth/v1/users' \<br/> --header 'Content-Type: application/json' \<br/> --header 'Accept: application/json' \<br/> --data '</p> {     "name": "abc",     "description": "User to perform only read operation",     "enabled": 1,     "email": "abc@xyz.com",     "password": "abc@123",     "domainid": "sdn" } <p>'</p> <p>Step 2: Assigning role to the user</p> <p>curl --user admin:admin --request POST 'http://&lt;controller_IP&gt;:8181/auth/v1/domains/sdn/users/abc@sdn/roles' \<br/> --header 'Content-Type: application/json' \<br/> --header 'Accept: application/json' \<br/> --data '</p> {     "roleid": "read_only@sdn",     "domainid": "sdn" } <p>'</p> <p>Step 3: Assigning policy to the role</p> <p>{<br/>     "aaa:policies": [<br/>         {<br/>             "aaa:resource": "/rests/data/network-topology:network-topology/topology=topology-netconf/node=node_id/**",<br/>             "aaa:permissions": [<br/>                 </p> {                     "aaa:role": "read_only",                     "aaa:actions": [                         "get"                     ]                 } <p>            ]<br/>         }<br/>     ]<br/> }</p> <p>Summary: User is assigned with authorization to perform 'GET' operation only but it is allowing to perform 'PUT' operation as well.</p> AAA-248

Incorrect behavior in aaa-policy in aaa version 0.17.2 (Netconf-5.0.0)

Bug Medium Open Unresolved Venkatrangan Govindarajan Arun Venkatesha aaa-0.17.2 Tue, 31 Jan 2023 12:19:13 +0000 Tue, 31 Jan 2023 12:19:13 +0000 0 1 Development Rank 0|i0443j: