Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Internal 'admin' can't create Security Reports for Access Monitoring #50699

Open
benarent opened this issue Jan 2, 2025 · 0 comments
Open

Internal 'admin' can't create Security Reports for Access Monitoring #50699

benarent opened this issue Jan 2, 2025 · 0 comments
Labels
access-monitoring bug

Comments

@benarent
Copy link
Contributor

benarent commented Jan 2, 2025
edited
Loading

Expected behavior:
Teleport should create a Security Report for a user. When fixing my Access Monitoring setup, I still received an error message when viewing the Privileged Access Report. I tried to run audit report run on my Teleport cluster but I received the below error message. I was able to fix the reports, but running privilege_access_report locally and then my cluster was able to show to report to me.

I expect, the internal Teleport system is missing the right permissions use to run reports for users. If I re-run a report in the UI, I'm also unable to get a 90 , 120 day view that's accurate.

# Error Message when running create report on the auth server. 
ERROR REPORT:

Original Error: *trace.TraceErr access denied to perform action "use" on "security_report"

Stack Trace:

        [github.com/gravitational/teleport/tool/tctl/common/accessmonitoring/command.go:123](http://github.com/gravitational/teleport/tool/tctl/common/accessmonitoring/command.go:123) [github.com/gravitational/teleport/tool/tctl/common/accessmonitoring.(*Command).TryRun](http://github.com/gravitational/teleport/tool/tctl/common/accessmonitoring.(*Command).TryRun)

        [github.com/gravitational/teleport/tool/tctl/common/tctl.go:283](http://github.com/gravitational/teleport/tool/tctl/common/tctl.go:283) [github.com/gravitational/teleport/tool/tctl/common.TryRun](http://github.com/gravitational/teleport/tool/tctl/common.TryRun)

        [github.com/gravitational/teleport/tool/tctl/common/tctl.go:114](http://github.com/gravitational/teleport/tool/tctl/common/tctl.go:114) [github.com/gravitational/teleport/tool/tctl/common.Run](http://github.com/gravitational/teleport/tool/tctl/common.Run)

        [github.com/gravitational/teleport/tool/tctl/main.go:32](http://github.com/gravitational/teleport/tool/tctl/main.go:32) main.main

        runtime/proc.go:272 runtime.main

        runtime/asm_arm64.s:1223 runtime.goexit

User Message: access denied to perform action "use" on "security_report"

Bug details:

  • Teleport version: 17.1.1
  • Recreation steps
  • Debug logs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
access-monitoring bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@benarent @zmb3