Aditya Manthramurthy 0ae4915a93 fix: permission checks for editing access keys (#18928) ...

With this change, only a user with `UpdateServiceAccountAdminAction`
permission is able to edit access keys.

We would like to let a user edit their own access keys, however the
feature needs to be re-designed for better security and integration with
external systems like AD/LDAP and OpenID.

This change prevents privilege escalation via service accounts.

2024-01-31 10:56:45 -08:00

9.0 KiB

Raw Blame History

View Raw