Problem
The mount_restrictor script only allows users with ROLE_ADMIN to perform data storage mount operations. Users who have ROLE_STORAGE_ADMIN (storage administration rights) but not full admin are blocked from mounting, even though their role is intended to manage storage.
Impact
- Storage admins cannot use mount functionality (e.g. mount data storages in runs or environments) without being granted ROLE_ADMIN.
- Behavior is inconsistent with the purpose of ROLE_STORAGE_ADMIN.
Expected behavior
Users with ROLE_STORAGE_ADMIN should be able to perform data storage mounts in the same way as users with ROLE_ADMIN, without requiring full admin rights.
Affected component
workflows/pipe-common/shell/mount_restrictor
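A sketch of the role gate the expected behavior describes, as an added example that is not the project's mount_restrictor code. It assumes the caller's roles arrive as one string separated by commas or whitespace; the function name `is_mount_allowed`, the variable `MOUNT_ALLOWED_ROLES` and the sample role `ROLE_STORAGE_ADMIN_VIEWER` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: hypothetical role gate, not the project's mount_restrictor code.
# Assumption: roles are passed as a single string, separated by commas or whitespace.

# Roles permitted to mount data storages (the two roles named in the issue).
MOUNT_ALLOWED_ROLES="ROLE_ADMIN ROLE_STORAGE_ADMIN"

# is_mount_allowed "<roles>": returns 0 if any role matches exactly, 1 otherwise.
is_mount_allowed() {
    local normalized allowed
    # Turn every separator into a space and pad both ends, so each role
    # becomes a whole " TOKEN " inside the string.
    normalized=" $(printf '%s' "$1" | tr ',\t\n' '   ') "
    for allowed in $MOUNT_ALLOWED_ROLES; do
        case "$normalized" in
            # Whole-token match: a bare substring test would also accept
            # look-alike names that merely contain an allowed role.
            *" $allowed "*) return 0 ;;
        esac
    done
    return 1   # default deny: empty or unknown role sets never mount
}

# Constructed sample inputs (not taken from the issue).
for sample in "ROLE_USER,ROLE_STORAGE_ADMIN" "ROLE_ADMIN" "ROLE_USER" \
              "ROLE_STORAGE_ADMIN_VIEWER" ""; do
    if is_mount_allowed "$sample"; then
        echo "allow: '$sample'"
    else
        echo "deny:  '$sample'"
    fi
done
```

Keeping the allowed roles in one list means widening or narrowing mount access is a single-line change, and anything not on the list is denied by default.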