Access Denied when updating access token

[nreisingercres]

I'm not sure if this belongs here or in the main repo, but I see the issue in the console.

Expected Behavior

I should have access to update my own token.

Current Behavior

Access is denied when pressing update

Possible Solution

Give users permission to update their own access tokens

Steps to Reproduce (for bugs)

1. Create a user without admin:UpdateServiceAccount (I tested with the default readonly role)
2. Use that user to create an access token
3. Again use that user to try an update the token

Context

I am trying to update an access token without recreating it.

Regression

I don't think so.

Your Environment

• MinIO version used (minio --version):

minio version RELEASE.2024-09-22T00-33-43Z (commit-id=03e996320ebb887112fb2a15c6f27936e5f124a0)
Runtime: go1.22.7 linux/amd64
License: GNU AGPLv3 - https://www.gnu.org/licenses/agpl-3.0.html
Copyright: 2015-2024 MinIO, Inc.

• Server setup and configuration: Running in podman across 3 servers.
• Operating System and version (uname -a): Linux minio 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.106-3 (2024-08-26) x86_64 x86_64 x86_64 GNU/Linux

[ramondeklein]

Tested and confirmed that users cannot update access-tokens that they have created.

[bexsoft]

@nreisingercres Have you tried to update the session token by using mc?

@ramondeklein Do you think this issue belongs to Console or should it be moved to MinIO repository?

[nreisingercres]

@nreisingercres Have you tried to update the session token by using mc?

I just tried using mc admin user svcacct edit and I got mc: <ERROR> Unable to edit the specified service account. Access Denied.