[Bug]: Default App Viewer role for public applications grants production access to whole workspace #33354
Labels: Bug, Community Reported, Needs Triaging, Production, RBAC, Team Managers Pod
Description
I'll start by saying that I was on a call yesterday with your team regarding an issue I had. My workspace got bugged and had the default "App Viewer" role configured, despite no application being public. We fixed this issue by unassigning the role through MongoDB, but I am filing a bug report because I believe there is a serious issue with how the public "App Viewer" role works.
Because the default "App Viewer" role has access to every application in the workspace, and these permissions are assigned to the workspace even if only one application in it is public:
Any role that gives only staging access to this workspace's environments will also give users production access; this happens through the "App Viewer" role.
If we have an environment with several applications, only one of which is shared, it makes no sense for the whole workspace to be treated as public and for every application to be affected.
I have confirmed my theory and I have provided reproduction steps:
Steps To Reproduce
Public Sample App: No response
Environment: Production
Severity: Critical (Broken Production apps)
Issue video log: No response
Version: Self-hosted v1.21
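The scoping problem the report describes, as an added toy model (not code from the project this issue is filed against; the App and Grant types, the role strings, the workspace and application names are all constructed assumptions). It contrasts a workspace-scoped default viewer grant, which is what the reporter observed, with one scoped to the public application only, and includes an audit function that lists which (application, environment) pairs a user can reach solely because of the automatic grant:

```python
"""Toy model of the access-control behaviour described in this report.

Added example, not code from the project the issue is filed against: the
App and Grant types, the role strings and the sample workspace/apps below
are assumptions made up for illustration.
"""
from dataclasses import dataclass

ENVIRONMENTS = ("staging", "production")


@dataclass(frozen=True)
class App:
    name: str
    workspace: str
    public: bool = False


@dataclass(frozen=True)
class Grant:
    role: str
    scope_kind: str        # "workspace" or "app"
    scope_id: str          # workspace name or app name
    environments: frozenset


def default_viewer_grants_workspace_wide(apps):
    """Reported behaviour: one public app in a workspace attaches a
    workspace-scoped 'App Viewer' grant, so every app in that workspace
    becomes reachable in every environment."""
    public_workspaces = {a.workspace for a in apps if a.public}
    return [Grant("App Viewer", "workspace", ws, frozenset(ENVIRONMENTS))
            for ws in sorted(public_workspaces)]


def default_viewer_grants_per_app(apps):
    """Alternative scoping: the automatic viewer grant covers only the
    application that was actually made public."""
    return [Grant("App Viewer", "app", a.name, frozenset(ENVIRONMENTS))
            for a in apps if a.public]


def can_access(app, env, grants):
    """True if any grant covers this app in this environment."""
    for g in grants:
        if g.scope_kind == "workspace":
            in_scope = g.scope_id == app.workspace
        else:
            in_scope = g.scope_id == app.name
        if in_scope and env in g.environments:
            return True
    return False


def effective_access(user_grants, apps, default_grant_fn):
    """Map (app name, env) -> bool for a user holding user_grants, with the
    automatic public-viewer grants produced by default_grant_fn added."""
    grants = list(user_grants) + default_grant_fn(apps)
    return {(a.name, env): can_access(a, env, grants)
            for a in apps for env in ENVIRONMENTS}


def leaked_by_default_grant(user_grants, apps, default_grant_fn):
    """Audit check: (app name, env) pairs reachable only because of the
    automatic viewer grant, i.e. beyond what the explicit roles allow."""
    explicit = effective_access(user_grants, apps, lambda _apps: [])
    with_default = effective_access(user_grants, apps, default_grant_fn)
    return {key for key, ok in with_default.items() if ok and not explicit[key]}


# Constructed sample data: one workspace, one public app, one private app.
SAMPLE_APPS = (
    App("sample-public", "ws1", public=True),
    App("internal-admin", "ws1", public=False),
)

# A role intended to grant staging access only, across the workspace.
STAGING_ONLY = Grant("Staging Developer", "workspace", "ws1", frozenset({"staging"}))


if __name__ == "__main__":
    for label, fn in (("workspace-wide", default_viewer_grants_workspace_wide),
                      ("per-app", default_viewer_grants_per_app)):
        print(label, sorted(leaked_by_default_grant([STAGING_ONLY], SAMPLE_APPS, fn)))
```

With the workspace-wide grant the staging-only user also reaches the private app in production, which is exactly the escalation the report describes; with the per-app grant the only extra access is the public application itself. The same audit can be run with an empty grant list to see what an anonymous visitor reaches.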