SUSE Support

Here When You Need Us

After Rancher 2.6.x upgrade, HTTP 403 Errors in Rancher UI

This document (000020710) is provided subject to the disclaimer at the end of this document.

Environment

Several features of Rancher UI don't work and return HTTP 403 for some users after Rancher upgrade from 2.6.x :
- Shell execution
- Yaml editing

Situation

For some users, several Rancher features are not working and returning HTTP 403 (Forbidden)

Rancher Trace log:
User-system-serviceaccount-cattle-impersonation-system-cattle-impersonation-u-vnds56pccy-cannot-impersonate-resource-users-in-API-group-at-the-cluster-scope-due-to-missing-clusterrolebinding

Resolution

1. Check RBAC Clusterroles and Clusterrolebindings of the affected user 
## Clusterroles of the user
$ kubectl get clusterrole | grep u-b3l74guter
 
## Clusterrolebindings of the  user
$ kubectl get clusterrolebinding | grep u-b3l74guter

2. From the previous output, the expected Clusterrole cattle-impersonation-u-xxxxxxxx is present, but the Clusterrolebinding is absent.

3. Delete the cattle-impersonation-user-xxxx Clusterrole of the user
$ kubectl delete clusterrole cattle-impersonation-u-b3l74guter
4. Trigger the recreation of the Clusterrole and Clusterrolebinding by browsing to a Rancher feature.

e.g: open a Monitoring link in the cluster
    This action triggered the recreation of the Clusterrole and Clusterrolebinding

Additional Information

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020710
  • Creation Date: 26-Jul-2022
  • Modified Date:31-Aug-2022
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.