Affects Version/s: 7.35.0
Fix Version/s: None
Component/s: REST API
Problem description: Issues while creating permission target through REST API
What is the impact to the customer - What are they trying to achieve? where does that bug hurts them? what does it stop them from achieving? If a user has the Manage Resources role enabled, we get 403:Forbidden error while creating the permission target only through REST API. However, user is able to create the same through UI as expected.
What is the expected behavior? Users with the Manage Resources role should be able to create the permission targets through REST API.
Steps to reproduce: (On a clean environment):
1. Install the latest version of the Artifactory V7.35.1
- Create a non-admin user with Manage Resources role enabled
- Try creating a permission target with the above-created user using the REST API as below, which throws 403:Forbidden error.
Environment details: 7.35.1
Artifactory/Xray version which the bug was reproduced on (If the bug was reproduced not on the latest major, please test on the latest version as well.) : Tested in the latest version of the Artifactory [7.35.1]
DB type & Version :NA
Is this an HA env? if so, how many nodes is used: NA
Is this On-Prem or SaaS? On-Prem
OS details if relevant: NA
Installation type (i.e. Docker, RPM etc..): NA
Link to the GCP machine/mill which holds the reproduction?http://mill.jfrog.info/web/#/instance/672c541f9b1e
Possible workaround: (If you have one) Users can create the Permission target through UI.