# [E21 site] tsg system: logging in with the dashboard account and querying logs returns a "forbidden" error; log query fails

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-800 | 2023-02-08T21:21:50.000+0800 | 王瑜 | Closed |

---
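
Overview:

On the same laptop, logging in with the admin account and viewing logs such as session records for a specified time range displays normally. However, after logging in with the dashboard account (role=dashboard_user), the details of logs such as session records are not displayed and a "forbidden" error is reported.

See the attachments for details.

The site owner reports that ever since the dashboard account created with dashboard_user came into use, log details could not be queried.

**leijun** commented on *2023-02-09T09:45:25.334+0800*:

Troubleshooting result: the Category query interface called by the session records log page can only be accessed by a role that has Policies & Objects access permission. Because the dashboard_user role has logs permission but no Policies & Objects permission, the dashboard account gets "forbidden" when accessing session records, and the log details are not displayed.
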
---

**yuwang** commented on *2023-02-09T10:47:42.437+0800*:

Root cause: the queried Session record data contains a Category ID. The page needs to map the Category ID to its Name for display, but there is no permission on Object. This results in the "forbidden" error, and the list data is not displayed.

---

**leijun** commented on *2023-02-09T21:35:47.325+0800*:

Permission change history of the dashboard_user role, as seen in the audit log:

2022-01-03 12:03:38 The dashboard_user role is created, and the dashboard_user role has no Policies & Objects access permission

2023-02-07 08:10:58 First update operation; the role permissions do not change

2023-02-07 08:17:49 Second update operation; the dashboard_user role is granted Policies & Objects read-only permission and Profiles read-write permission

2023-02-07 08:20:51 Third update operation; Profiles read-write permission is removed from the dashboard_user role

2023-02-07 08:22:07 Fourth update operation; Policies & Objects read-only permission is removed from the dashboard_user role

---
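
**liuju** commented on *2023-02-09T21:46:50.379+0800*:

Regarding "the Category query interface called by the session records log page can only be accessed by a role that has Policies & Objects access permission": does that mean that if the dashboard_user role has read-only permission on Policies & Objects, accounts created with that role can access logs normally?
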
---

**leijun** commented on *2023-02-10T09:53:39.007+0800*:

After read-only permission on Policies & Objects is added to the dashboard_user role, accounts created with that role can access logs normally.

---
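
**yuwang** commented on *2023-02-17T17:25:43.075+0800*:

The page was modified in version 22.11: when a queried interface lacks permission, the page no longer displays the error message, and the affected data shows only the ID. Hovering the mouse over it shows the text "This data has no permission or has been deleted".
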
---
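
The behaviour discussed in the thread, sketched as an added example (not the product's code): the session records page needs logs permission for the rows and Policies & Objects permission for the Category lookup, and a refused lookup should degrade to the raw ID with the hover text rather than hide the list. The field names, response shapes and the functions `deniedCalls` and `renderSessionRows` are hypothetical; the hover text is given in English.

```javascript
// Added illustration; not the product's code. Field names, response shapes
// and function names are assumptions made for this sketch.
const NO_ACCESS_HINT = "This data has no permission or has been deleted";

// Permissions each call on the session records page needs (per the thread:
// the record query needs logs, the Category lookup needs Policies & Objects).
const PAGE_CALLS = [
  { call: "sessionRecords", needs: "logs", optional: false },
  { call: "categoryLookup", needs: "Policies & Objects", optional: true },
];

// Returns the calls a role cannot make, so a gap shows up before a user hits it.
function deniedCalls(rolePermissions, calls = PAGE_CALLS) {
  return calls.filter((c) => !rolePermissions.includes(c.needs));
}

// records: rows carrying a categoryId. lookup: { status, items? } from the
// Category query; status 403 means the role lacks Policies & Objects access.
function renderSessionRows(records, lookup) {
  const names = new Map();
  if (lookup && lookup.status === 200 && Array.isArray(lookup.items)) {
    for (const c of lookup.items) names.set(c.id, c.name);
  }
  // A refused optional lookup must not hide rows the role may already read.
  return records.map((r) => {
    const name = names.get(r.categoryId);
    return name !== undefined
      ? { ...r, categoryLabel: name, tooltip: null }
      : { ...r, categoryLabel: String(r.categoryId), tooltip: NO_ACCESS_HINT };
  });
}

// Constructed sample data.
const sampleRecords = [
  { sessionId: "s-1", categoryId: 11 },
  { sessionId: "s-2", categoryId: 42 }, // 42: deleted or not visible
];
const adminLookup = { status: 200, items: [{ id: 11, name: "News" }] };
const dashboardLookup = { status: 403 };

console.log(deniedCalls(["logs"]).map((c) => c.call));
console.log(renderSessionRows(sampleRecords, adminLookup));
console.log(renderSessionRows(sampleRecords, dashboardLookup));
```
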
# Attachments

Attachment: dashboard_user审计日志.txt

[dashboard_user审计日志.txt](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/34888/dashboard_user审计日志.txt)

Attachment: 微信图片_20230208161845.png



Attachment: 微信图片_20230208161900.png



Attachment: 微信图片_20230208161905.png



Attachment: 微信图片_20230208161909.png



Attachment: 微信图片_20230208161919.png

