You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With 2.1.8, using argocd admin settings rbac can 'someorg:team' get project myproject results in Yes for both but argocd account can-i get projects myproject is only yes for the latter.
Since RBAC is role-based, I would think any permission assignment directly to user or group is no longer supported. Users will need to grant a user or group certain roles that have the desired permissions.
Here is another somewhat related PR #11964, which seems to assume this:
Can't we just assume that there are two types of policies right now:
Grants (g), which has two fields (the grantee and the role granted)
Policy (p), which has five fields (the role, the resource type, the verb, the resource name pattern and the action)
Checklist:
argocd version
.Describe the bug
Upgrading from 2.0.5 to 2.1.8, the RBAC doesn't seem to allow
p
lines to reference groups unless the group has been assigned to a role first.does not let someone in
someorg:team
accessmyproject
butdoes.
With 2.1.8, using
argocd admin settings rbac can 'someorg:team' get project myproject
results inYes
for both butargocd account can-i get projects myproject
is onlyyes
for the latter.Version
The text was updated successfully, but these errors were encountered: