api-manager
Custom Policies Option Shown for Tenant Admins
Description
The "Custom Policies" section in the Admin portal should be hidden for tenant admin users and only visible to super tenant admins.
This is suspected to be a UI issue. Access to policies for tenant admins has been restricted at the API level, and the error log below appears when attempting to load the UI.
The correct behavior can be observed in the APIM 4.3.0 pack.
Steps to Reproduce
- On the 4.4.0 alpha pack, create a tenant
- Log in to the admin portal with the admin user of the above tenant
- Go to the "Custom Policies" section; the error below will be logged
Affected Component
APIM
Version
4.4.0-alpha
Environment Details (with versions)
No response
Relevant Log Output
ERROR - ThrottlingApiServiceImpl You are not allowed to access this resource
org.wso2.carbon.apimgt.api.APIManagementException: Tenant test.com is not allowed to access custom rules. Only super tenant is allowed
at org.wso2.carbon.apimgt.rest.api.admin.v1.impl.ThrottlingApiServiceImpl.checkTenantDomainForCustomRules(ThrottlingApiServiceImpl.java:1604) ~[?:?]
at org.wso2.carbon.apimgt.rest.api.admin.v1.impl.ThrottlingApiServiceImpl.throttlingPoliciesCustomGet(ThrottlingApiServiceImpl.java:907) ~[?:?]
Related Issues
No response
Suggested Labels
No response