Vault Token works in CLI but not web GUI

awidner · April 1, 2021, 7:36pm

Running into an odd issue. We have a policy setup attached to an LDAP group. The user is able to login to the web GUI , but unable to hit a sub-path that he has read permissions on.

When checking the capabilities in the CLI (in the web GUI) he is able to read and create secrets at the sub-path.

Here is the policy:

path "/top-path" {
  capabilities = ["read"]
}

# read all on secrets
path "/top-path/sub-path" {
  capabilities = ["read", "list", "create"]
}

# allow all on secrets
path "/top-path/sub-path/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}```

grantorchard1 · April 6, 2021, 1:34pm

You probably want list in the first item for this to work in the UI. Because you use absolute paths in the CLI you don’t run into this, but since you “click through” in the UI you would need list to render the oaths contained there.

Cheers,
Grant

awidner · April 7, 2021, 3:32pm

Thanks, that worked.

Topic		Replies	Views
Vault Policy & Web GUI Vault	5	1900	September 24, 2020
Token can't access path .. im crazy with this Vault	1	110	April 8, 2024
Trying to understand path mapping with LDAP groups Vault	2	368	October 24, 2020
Vault web UI always says 403 permission denied on LDAP users Vault	2	1301	May 30, 2023
Vault-PKI policy problem Vault	2	617	March 10, 2023

Vault Token works in CLI but not web GUI

Related topics