Remove support for priv-noaccess role
A user created with no-access privilege is allowed to login but can not logout. Any no-access user can create many and many login sessions and exhaust the bmc without logging out. No-access role was basically added to support the IPMI usecase, where a user can be created first and then is assigned a privilege. This is being reworked at IPMI interface and the dependency on the no-access privilege is being removed completely. Following two commits were added to support the priv-noaccess in user-manager and bmcweb: [1] https://github.com/openbmc/bmcweb/commit/e9e6d240ab85e515f8d264e39b47a75043b73374 [2] https://github.com/openbmc/phosphor-user-manager/commit/7c6e7cffaf061aabfe5489ef52442e2f7cbd0fb7 This commit removes the no-access role support at bmcweb by reverting the commit: [1] https://github.com/openbmc/bmcweb/commit/e9e6d240ab85e515f8d264e39b47a75043b73374 The user-manager change w.r.t this change is at: [1] https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-user-manager/+/52363 Tested By: 1. Create an LDAP user with priv-noaccess. Verify the login attempt fails with accessDenied error 2. Verified the other role users can login Signed-off-by:Asmitha Karunanithi <asmitk01@in.ibm.com> Change-Id: I5ac8a58d9146379c9ce3be804d476ea85835bb2f
Loading
Please register or sign in to comment