[v9] revert #9540 (static role check for access request deletion) #11221
This PR reverts #9540. As #9540 was never backported at the time, it's only in `master` and v9. (see #11220)

The original intent behind #9540 was to mitigate the lack of visibility over access request deletions, as a malicious actor who was able to escalate permissions through access requests in such a way that they were also granted deletion permissions could acquire credentials and then delete the access requests used to hide their tracks.

After #9758 and #9552 this concern no longer exists, and (as @nklaassen found out) the way #9540 is implemented breaks `tctl requests rm` (because the system user used by tctl with the `Admin` role is not a user that exists in the backend), so the cleanest solution is to remove this special case altogether.