
Create User button enabled if user doesn't have CreateUser permission #3232

@jinapurapu

Expected Behavior

User with "admin:ListUser" policy but no "admin:CreateUser" policy should be able to view ListUsers screen with Create User button disabled.

Current Behavior

User with "admin:ListUser" policy but no "admin:AddUser" policy has an enabled Create User button on the ListUsers screen, can access AddUserScreen and attempt to add a User, prompting an access denied error.

Steps to Reproduce (for bugs)

  1. Create the following policy and apply it to a User

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "admin:ListGroups",
                    "admin:ListUserPolicies",
                    "admin:ListUsers",
                    "admin:AttachUserOrGroupPolicy",
                    "admin:GetUser"
                ],
                "Resource": [
                    "arn:aws:s3:::*"
                ]
            }
        ]
    }

  2. Log in as the above User and navigate to List Users screen by clicking Identity>Users in menu
  3. Observe Create User button is enabled
  4. Click Create User Button to navigate to Add User screen and try to create a User
  5. Observe "Access Denied." error

Context

admin:CreateUser permission added to session for all users logged into Console
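
The expected behavior above, as an added example that is not part of the original issue or the project's code: the button state is derived from the user's own policy rather than from a permission granted to every session. The helper names are hypothetical, and the evaluator is simplified (it matches `Action` with `*` wildcards and lets an explicit `Deny` win, ignoring `Resource` and `Condition`).

```javascript
// Constructed sample: the policy from the reproduction steps above.
const samplePolicy = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Action: [
        "admin:ListGroups",
        "admin:ListUserPolicies",
        "admin:ListUsers",
        "admin:AttachUserOrGroupPolicy",
        "admin:GetUser",
      ],
      Resource: ["arn:aws:s3:::*"],
    },
  ],
};

// Match an action name against a pattern that may contain "*" wildcards.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$").test(action);
}

// Hypothetical helper: true only if some Allow statement covers the action
// and no Deny statement does. Default is "not allowed".
function isActionAllowed(policy, action) {
  const asList = (v) => (Array.isArray(v) ? v : v ? [v] : []);
  let allowed = false;
  for (const stmt of asList(policy.Statement)) {
    if (!asList(stmt.Action).some((p) => actionMatches(p, action))) continue;
    if (stmt.Effect === "Deny") return false; // explicit deny wins
    if (stmt.Effect === "Allow") allowed = true;
  }
  return allowed;
}

// Hypothetical UI state for the List Users screen; "admin:CreateUser" is the
// action name used in the issue's expected behavior.
function listUsersScreenState(policy) {
  return {
    canView: isActionAllowed(policy, "admin:ListUsers"),
    createUserEnabled: isActionAllowed(policy, "admin:CreateUser"),
  };
}
```

The server-side check that returned "Access Denied." stays the enforcement point; this only keeps the button consistent with it.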

Labels

UI (User Interface), bug (this needs to be fixed)
