Feature #65011

open

policy: AccessDenied errors should say which policy denied access

Added by Casey Bodley about 1 month ago.

Status: New
Priority: Normal
Assignee: -
Target version: -
% Done: 0%
Source:
Tags: iam policy
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

set a s->err.message to be returned in the <Message> field of <Error> responses

some examples from https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html#access-denied-error-examples

User: arn:aws:iam::123456789012:user/JohnDoe is not authorized to perform: secretsmanager:GetSecretValue because no resource-based policy allows the secretsmanager:GetSecretValue action

User: arn:aws:iam::123456789012:user/JohnDoe is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:us-east-1:123456789012:secret:* with an explicit deny in a resource-based policy
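
An added example, not part of the original issue and not Ceph/RGW code: a sketch of building the denial text in the wording of the AWS examples above and XML-escaping it before it goes into the <Message> field. The Decision, PolicyType and EvalResult types and all function names are hypothetical, and the identity-based wording goes beyond the two examples quoted.

```cpp
#include <string>

// Hypothetical types for illustration; these are not RGW's own.
enum class Decision { Allow, ExplicitDeny, ImplicitDeny };
enum class PolicyType { Identity, Resource };

struct EvalResult {
  Decision decision;
  PolicyType deciding_policy;  // policy type responsible for the outcome
};

// Escape text destined for an XML element body. Resource ARNs can embed
// client-chosen names (e.g. object keys) containing markup characters.
std::string xml_escape(const std::string& in) {
  std::string out;
  for (char c : in) {
    switch (c) {
      case '&': out += "&amp;"; break;
      case '<': out += "&lt;"; break;
      case '>': out += "&gt;"; break;
      default:  out += c;
    }
  }
  return out;
}

// Build the denial text in the wording of the AWS examples quoted above.
// Returns an empty string when the request was allowed.
std::string denial_message(const std::string& principal,
                           const std::string& action,
                           const std::string& resource,
                           const EvalResult& r) {
  if (r.decision == Decision::Allow) return "";
  const bool identity = r.deciding_policy == PolicyType::Identity;
  const std::string kind = identity ? "identity-based" : "resource-based";
  std::string msg = "User: " + principal + " is not authorized to perform: " + action;
  if (r.decision == Decision::ExplicitDeny) {
    msg += " on resource: " + resource + " with an explicit deny in " +
           (identity ? "an " : "a ") + kind + " policy";
  } else {
    msg += " because no " + kind + " policy allows the " + action + " action";
  }
  return msg;
}

// Place the message in the <Message> field of an <Error> body.
std::string error_xml(const std::string& message) {
  return "<Error><Code>AccessDenied</Code><Message>" + xml_escape(message) +
         "</Message></Error>";
}
```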
