Title
#help
Yoni Augarten

Yoni Augarten

10/05/2022, 8:13 PM
Hey @Kevin Vasko, I'm sorry for this inconvenience. It is a known issue. It wasn't prioritized yet since until now users who required repository-specific permissions haven't used the UI. The cause for this issue is that the page you are trying to view is the page that shows all the repositories, and the permission to list the installation's repositories is a global one. I will discuss with the team tomorrow whether we want to prioritize this right now. As a workaround, you can direct your users directly to a specific repository's page, using the URL:
<LAKEFS_UI_URL>/repositories/my-repo/objects
.
k

Kevin Vasko

10/05/2022, 8:14 PM
So what’s weird about this is that the page goes blank if i got to that URL
Yoni Augarten

Yoni Augarten

10/05/2022, 8:14 PM
@Kevin Vasko, alternatively, you can give the users the ListRepositories permissions, but this will mean that they will be able to see the list of all repositories (but not browse to their content).
k

Kevin Vasko

10/05/2022, 8:15 PM
@Yoni Augarten Yewh that’s what I was doing actually but when I click on the repo it just displays a blank page
8:16 PM
Also you can’t edit a policy haha. It says “already exists”
Yoni Augarten

Yoni Augarten

10/05/2022, 8:16 PM
Let's do this one by one 🙂 First of all, do you get a blank page for a repository you should be able to see, or one that should be denied?
k

Kevin Vasko

10/05/2022, 8:18 PM
Let me validate. So just to make sure…i should be doing “arn:lakefs:fs:::repository/repo-name” where repo-name is my lakefs repo name and not the actual s3 bucket and prefix correct? I also assume I don’t need to do “arn:lakefs:fs:::repository/repo-name/“ or “arn:lakefs:fs:::repository/repo-name/*”
Yoni Augarten

Yoni Augarten

10/05/2022, 8:19 PM
You are correct. Which action are you attaching this resource to?
k

Kevin Vasko

10/05/2022, 8:20 PM
Everything in your default FSReadWriteAll
Yoni Augarten

Yoni Augarten

10/05/2022, 8:20 PM
Let me check
k

Kevin Vasko

10/05/2022, 8:22 PM
Yes, i get a blank page for both something i should have access to and to something I shouldn’t
Yoni Augarten

Yoni Augarten

10/05/2022, 8:22 PM
Here is an example of how to configure the policy for operating on a specific repository. It's a bit more complex than what you mentioned.
8:23 PM
After setting a similar policy, you should be able to browse to the repository's page.
k

Kevin Vasko

10/05/2022, 8:29 PM
Yup, that works…does it have to be broken up thst explicitly?
Yoni Augarten

Yoni Augarten

10/05/2022, 8:29 PM
Yes, since permissions are divided by the type of resource they are relevant to, e.g. repository, branch etc.
k

Kevin Vasko

10/05/2022, 8:30 PM
ahhh
Yoni Augarten

Yoni Augarten

10/05/2022, 8:30 PM
Regarding the "Already exists" error, it does seem to be a bug. I've opened an issue for it and will discuss with the team.https://github.com/treeverse/lakeFS/issues/4319
k

Kevin Vasko

10/05/2022, 8:31 PM
sorry for the picture but on a lab system
8:31 PM
the above does not work which is what I was trying
8:32 PM
Also what is “ReadConfig”
Yoni Augarten

Yoni Augarten

10/05/2022, 8:35 PM
ReadConfig is a permission to get some information about the whole installation, required for the UI. For example, it allows the UI to retrieve the type of the storage the installation is on top of.
k

Kevin Vasko

10/05/2022, 8:35 PM
gotcha
Yoni Augarten

Yoni Augarten

10/05/2022, 8:36 PM
Thank you for flagging these issues. Let me know if there's anything else I can help with.
k

Kevin Vasko

10/05/2022, 8:37 PM
ok so i see what you were saying so that very bottom “*” resource in that example you gave i added “fs:ListRepositories” now I can go to the main page, I see all the repos but I get a white blank screen on pages i don’t have the permissions on
Yoni Augarten

Yoni Augarten

10/05/2022, 8:37 PM
Yes, that's a usability issue - we hope to solve it as part of the issue I mentioned above.
k

Kevin Vasko

10/05/2022, 8:38 PM
yup yup, this works