Hey <@U03RU0J84EL>, I'm sorry for this inconvenien...
# helpy
Yoni Augarten
10/05/2022, 8:13 PMHey @Kevin Vasko, I'm sorry for this inconvenience. It is a known issue. It wasn't prioritized yet since until now users who required repository-specific permissions haven't used the UI.
The cause for this issue is that the page you are trying to view is the page that shows all the repositories, and the permission to list the installation's repositories is a global one.
I will discuss with the team tomorrow whether we want to prioritize this right now. As a workaround, you can direct your users directly to a specific repository's page, using the URL:
<LAKEFS_UI_URL>/repositories/my-repo/objectsk
Kevin Vasko
10/05/2022, 8:14 PMSo what’s weird about this is that the page goes blank if i got to that URL
y
Yoni Augarten
10/05/2022, 8:14 PM@Kevin Vasko, alternatively, you can give the users the ListRepositories permissions, but this will mean that they will be able to see the list of all repositories (but not browse to their content).
k
Kevin Vasko
10/05/2022, 8:15 PM@Yoni Augarten Yewh that’s what I was doing actually but when I click on the repo it just displays a blank page
Kevin Vasko
10/05/2022, 8:16 PMAlso you can’t edit a policy haha. It says “already exists”
y
Yoni Augarten
10/05/2022, 8:16 PMLet's do this one by one 🙂
First of all, do you get a blank page for a repository you should be able to see, or one that should be denied?
k
Kevin Vasko
10/05/2022, 8:18 PMLet me validate. So just to make sure…i should be doing “arnlakefsfs:::repository/repo-name” where repo-name is my lakefs repo name and not the actual s3 bucket and prefix correct? I also assume I don’t need to do “arnlakefsfs:::repository/repo-name/“ or “arnlakefsfs:::repository/repo-name/*”
y
Yoni Augarten
10/05/2022, 8:19 PMYou are correct. Which action are you attaching this resource to?
k
Kevin Vasko
10/05/2022, 8:20 PMEverything in your default FSReadWriteAll
y
Yoni Augarten
10/05/2022, 8:20 PMLet me check
k
Kevin Vasko
10/05/2022, 8:22 PMYes, i get a blank page for both something i should have access to and to something I shouldn’t
y
Yoni Augarten
10/05/2022, 8:22 PMHere is an example of how to configure the policy for operating on a specific repository. It's a bit more complex than what you mentioned.
Yoni Augarten
10/05/2022, 8:23 PMAfter setting a similar policy, you should be able to browse to the repository's page.
k
Kevin Vasko
10/05/2022, 8:29 PMYup, that works…does it have to be broken up thst explicitly?
y
Yoni Augarten
10/05/2022, 8:29 PMYes, since permissions are divided by the type of resource they are relevant to, e.g. repository, branch etc.
k
Kevin Vasko
10/05/2022, 8:30 PMahhh
y
Yoni Augarten
10/05/2022, 8:30 PMRegarding the "Already exists" error, it does seem to be a bug. I've opened an issue for it and will discuss with the team.
https://github.com/treeverse/lakeFS/issues/4319
k
Kevin Vasko
10/05/2022, 8:31 PMIMG_7347.jpg
Kevin Vasko
10/05/2022, 8:31 PMsorry for the picture but on a lab system
Kevin Vasko
10/05/2022, 8:31 PMthe above does not work which is what I was trying
👍🏻 1
Kevin Vasko
10/05/2022, 8:32 PMAlso what is “ReadConfig”
y
Yoni Augarten
10/05/2022, 8:35 PMReadConfig is a permission to get some information about the whole installation, required for the UI. For example, it allows the UI to retrieve the type of the storage the installation is on top of.
k
Kevin Vasko
10/05/2022, 8:35 PMgotcha
y
Yoni Augarten
10/05/2022, 8:36 PMThank you for flagging these issues. Let me know if there's anything else I can help with.
k
Kevin Vasko
10/05/2022, 8:37 PMok so i see what you were saying so that very bottom “*” resource in that example you gave i added “fs:ListRepositories” now I can go to the main page, I see all the repos but I get a white blank screen on pages i don’t have the permissions on
y
Yoni Augarten
10/05/2022, 8:37 PMYes, that's a usability issue - we hope to solve it as part of the issue I mentioned above.
k
Kevin Vasko
10/05/2022, 8:38 PMyup yup, this works
8 Views