I’m running Sensu backend 5.19.1 and have setup RBAC such that all users can see all events, but can’t resolve, silence, rerun or delete them, unless given permission through a rolebinding. I’m using a global reader for this.
When I attempt to resolve or silence, I get a nice red popup message saying access is unauthorized. When I attempt delete or rerun, I get an ugly error message like below and have to re-login to the web page.
I suspect that however you can fix this like you did for silencing and resolving. I’ll attach my RBAC objects in case I’m doing something wrong. Thanks!
Error: GraphQL error: request unauthorized
at new ApolloError (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:90:188247)
at Object.next (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:90:206426)
at notifySubscription (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:26227)
at onNotify (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:26843)
at SubscriptionObserver.next (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:27657)
at http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:90:203940
at Set.forEach ()
at Object.next (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:90:203903)
at notifySubscription (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:26227)
at onNotify (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:26843)
at SubscriptionObserver.next (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:27657)
at notifySubscription (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:26227)
at onNotify (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:26843)
at SubscriptionObserver.next (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:27657)
at notifySubscription (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:26227)
at onNotify (http://kchenowe-deb9-64.dhcp.mathworks.com:3000/static/js/vendor_bcb1.js:105:26843)
type: Role
api_version: core/v2
metadata:
name: local-admin
namespace: database
spec:
rules:
- resource_names:
resources:- assets
- checks
- entities
- events
- filters
- handlers
- hooks
- mutators
- rolebindings
- roles
- silenced
verbs: - get
- list
- create
- update
type: RoleBinding
api_version: core/v2
metadata:
name: local-admin
namespace: database
spec:
role_ref:
name: local-admin
type: Role
subjects:
- name: database
type: Group
type: ClusterRole
api_version: core/v2
metadata:
name: global-event-reader
spec:
rules:
- resource_names: null
resources:- events
verbs: - get
- list
type: ClusterRoleBinding
api_version: core/v2
metadata:
name: global-event-reader
spec:
role_ref:
name: global-event-reader
type: ClusterRole
subjects:
- events
- name: default
type: Group - name: webops
type: Group - name: database
type: Group - name: insidelabs
type: Group - name: splunk
type: Group - name: web-servers
type: Group