Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

admin identities have bind and dial permissions to services #1781

Closed
scareything opened this issue Feb 28, 2024 · 1 comment
Closed

admin identities have bind and dial permissions to services #1781

scareything opened this issue Feb 28, 2024 · 1 comment

Comments

@scareything
Copy link
Member

Admin identities have bind and dial permissions to any/all services. This causes tunnelers to intercept and host services when run with an admin identity, which can lead to potentially confusing issues like connection feedback.

Admin identifies would be more predicable and practical if they didn't automatically have bind and dial permissions to services. Instead these permissions can be granted with policies as desired by the end-user.
scareything added a commit that referenced this issue Feb 28, 2024
@scareything
don't add bind and dial permissions to services for admins. fixes #1781.
61d75bc
scareything added a commit that referenced this issue Feb 28, 2024
@scareything
don't add bind and dial permissions to services for admins. fixes #1781.
5b662fa
scareything added a commit that referenced this issue Feb 28, 2024
@scareything
don't add bind and dial permissions to services for admins. fixes #1781.
9d749e8
scareything added a commit that referenced this issue Feb 28, 2024
@scareything
don't add bind and dial permissions to services for admins. fixes #1781.
a0b6efb
@scareything scareything mentioned this issue Feb 28, 2024
Closed
scareything added a commit that referenced this issue Feb 28, 2024
@scareything
respect service policies for admin identities. fixes #1781.
0e4ef2b
scareything added a commit that referenced this issue Apr 9, 2024
@scareything
respect service policies for admin identities. fixes #1781.
aad84a2
@plorenz
Copy link
Member

plorenz commented Apr 24, 2024

Fixed in #1782

@plorenz plorenz closed this as completed Apr 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

don't add bind and dial permissions to services for admins openziti/ziti
2 participants
@plorenz @scareything