Robot account cannot access vulnerability report

[szczad]

If you are reporting a problem, please make sure the following information are provided:

Expected behavior and actual behavior:

A robot account cannot access a vulnerability report through API.

As a developer, I want to retrieve a scan report for further processing (report generation, auditing, etc.) using non-user account.

Currently, the account can start or stop the scan but cannot retrieve scan result.

Steps to reproduce the problem:
Please provide the steps to reproduce this problem

• Log in as the administrator
• Go to robot accounts page
• Create new account
• Provide details
• Select start scan and stop scan. No option for fetch scan.

Versions:
Please specify the versions of following systems.

• harbor version: 2.5.1

[zyyw]

Hi @szczad , I think this is by design, as we can see that ResourceArtifactAddition is currently not listed as one of the 19 permissions:

[szczad]

I'm not even trying to argue.

The point is - my instance has OIDC enabled so I cannot add custom users anymore. Additionally, the robotic account cannot fetch scan results. It's not even a tie. I have been defeated by the design as my report generation tool cannot fetch the list of vulnerabilities from the CI pipeline.

[MinerYang]

hi @szczad ,
pls refer to this solution #14145 (comment)

[szczad]

Hi @MinerYang,

The solution seems not so smooth, but I can confirm it works if the account has artifact-addition -> read permissions!

Thanks for the workaround, however, it would be nice to have it in the UI.