luganofer opened a new issue, #10269: URL: https://github.com/apache/cloudstack/issues/10269
### problem If a user and account are created and the account is assigned either of the default CloudStack roles ‘Read Only User - Default’ or ‘Support User - Default’, it is not possible to use the second factor authentication. Listing providers to enable 2FA is not possible and therefore the process cannot be completed.  ### versions At least in CloudStack 🐵 version 4.18.2.3 and 4.19.1.3 ### The steps to reproduce the bug 1. Create an account using the role ‘Read Only User - Default’ or ‘Support User - Default’. 2. Create a user that belongs to the account created in the previous step. 3. Log in with the user on a domain that requests 2FA for validation. 4. It is not possible to choose the 2FA provider and therefore activate 2FA. ### What to do about it? The expected action would be to list the suppliers for 2FA and the process can be completed. As a workaround you can create a new role (copying the permissions of the ones affected by the bug) and add these API calls as allowed: setupUserTwoFactorAuthentication validateUserTwoFactorAuthenticationCode listUserTwoFactorAuthenticatorProviders -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
