When listing accounts by id as a normal user, the error message shows:
(localcloud) SBCM5> > list accounts id=4
🙈 Error: (HTTP 531, error code 4365) Acct[f28ad9ca-038a-4da2-9a61-6742f12d6a61-config] -- Account {"id": 105, "name": "config", "uuid": "f28ad9ca-038a-4da2-9a61-6742f12d6a61"} does not have permission to operate with resource Acct[f814f7d2-49b0-4fae-9066-036f75dbc839-ACSUser] -- Account {"id": 4, "name": "ACSUser", "uuid": "f814f7d2-49b0-4fae-9066-036f75dbc839"}
It is OK for root admins, but for normal users, it is very bad.
This way, normal users are able to find out (1) how many domains and accounts are in the system; (2) the names of the accounts.
I believe the same issue exists in some other APIs.
ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
SUMMARY
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS
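The disclosure reported above, modelled as an added example (not CloudStack code and not part of the original report): a denial message that describes the target account next to a hardened form that answers identically for a missing id and a forbidden one. The account table, UUIDs, message texts and all function names are constructed for illustration.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("acl")

@dataclass(frozen=True)
class Account:
    id: int
    name: str
    uuid: str
    is_root_admin: bool = False

# Constructed sample data; names follow the report, UUIDs are placeholders.
ACCOUNTS = {a.id: a for a in (
    Account(1, "admin", "00000000-0000-0000-0000-000000000001", True),
    Account(4, "ACSUser", "00000000-0000-0000-0000-000000000004"),
    Account(105, "config", "00000000-0000-0000-0000-000000000105"),
)}

class ApiError(Exception):
    pass

def _allowed(caller, target):
    return caller.is_root_admin or caller.id == target.id

def list_account_leaky(caller, account_id):
    """Behaviour described in the report: the denial text describes the target."""
    target = ACCOUNTS.get(account_id)
    if target is None:
        raise ApiError(f"Unable to find account by id {account_id}")
    if not _allowed(caller, target):
        raise ApiError(f"Account {caller.name} does not have permission to operate with "
                       f"resource Account id={target.id} name={target.name} uuid={target.uuid}")
    return target

def list_account_hardened(caller, account_id):
    """Same check; one response whether the id is missing or forbidden."""
    target = ACCOUNTS.get(account_id)
    if target is None or not _allowed(caller, target):
        # Full detail is kept in the server-side log only.
        log.warning("denied: caller=%s requested id=%s exists=%s",
                    caller.uuid, account_id, target is not None)
        raise ApiError("Account not found or access denied")
    return target

def error_text(fn, caller, account_id):
    """Return the error message the caller would see, or None on success."""
    try:
        fn(caller, account_id)
        return None
    except ApiError as e:
        return str(e)
```

Comparing `error_text` for an existing-but-forbidden id and a nonexistent id works as a regression check: the two strings must be equal for a non-admin caller.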