We're updating the issue view to help you get more done. 

In a non-hidden secret, only secret's creator/admins can update the secret's visibility and "is_hidden" attribute. In a hidden secret, they are the only ones to perform any type of update to the secret.

Description

The first user creates a secret, second user update secret to hidden-value.
This action should fail due to user permissions.

Steps to Reproduce

Environment:
OS (CLI), HA cluster, cloud provider
------------------------------------

Steps to reproduce:
------------------
1. Create two users under the same tenant
2. Create regular secret by one of the users
3. Set profile to second user and update the secret to hidden-value

Expected result:
---------------
The action will fail with a related error message

Actual result:
-------------
The action passed, and now the secret is hidden.
Although, when you try to update the secret to not-hidden-value secret, the action will fail with a matching error message.

Why Propose Close?

None

Status

Assignee

Inbal Amrani

Reporter

Uri Wygodny

Labels

None

Severity

Medium

Target Version

4.4

Premium Only

no

Found In Version

4.4

QA Owner

Uri Wygodny

Bug Type

new feature bug

Customer Encountered

No

Customer Name

None

Release Notes

no

Priority

None

Sprint

None

Priority

Unprioritized