dCache View admin part is exposed also to non-authenticated users (read only) #7932
Description
Dear dCache developers,
We at KIT have encountered a potential issue with the access to dCache View via Browser, in particular the admin part.
In case of the part not related to admin, e.g.:
https://ppsdcacheweb-kit.gridka.de:3880
There is a distinction of non-authenticated users (including those with non-admin certificates for example), and users authenticated as admins.
For example, admins see many more buttons on the left, including
- "Your home directory"
- "Namespace view"
- "shared files"
- "Virtual directories"
- "Your profile"
Non-authenticated users see only "Namespace view" and "shared files". And then - depending on directory and file permissions - full file files can or can't be accessed in read-only mode by such users.
Now the issue with the admin part is, that once you figure out that you need to use https://ppsdcacheweb-kit.gridka.de:3880/admin, there is no distinction between non-authenticated and authenticated users - all information is exposed.
While that might be useful and OK for non-confidential data, I see in particular for "Active Transfers", "Tape Transfer Queue", and "Space Tokens" that information is readable, which some VOs/experiments might consider confidential, being it full file paths (which might include user names), space quota, dCache uid/gid vaules, etc.
I know, that there is a setting frontend.authz.anonymous-operations = READONLY which might disable it all with NONE value.
However, I have the impression, that the admin part was separated from the main part since 10.2 (it was differently e.g. with 9.2), and the destinction of user privileges was lost by that, I suppose.
Would you please have a look at that? Ideally, it would be good to have a more granular distinction than the 2 cases of:
- admin
- anonymous
or at least a differentiation on which colums/which data is exposed to anonymous users.
@mksahakyan FYI (we discussed that in the T1 call)