fix: [UIE-9795], [UIE-9796], [UIE-9797] - Enable account_viewer to access IAM User Details, User Roles and Entities (#13194)

mpolotsk-akamai · web-flow · commit 7515c1c709b9 · 2025-12-15T12:50:56.000+01:00
* fix: [UIE-9795], [UIE-9796] - Enable account_viewer to access IAM User Details and User Roles

* Added changeset: IAM: Enable account_viewer to access IAM User Details and User Roles

* disable chip

* fix: [UIE-9797] - Enable account_viewer to access IAM User Entites, chip fix

* changeset update
diff --git a/packages/manager/.changeset/pr-13194-fixed-1765470340634.md b/packages/manager/.changeset/pr-13194-fixed-1765470340634.md
@@ -0,0 +1,5 @@
+---
+"@linode/manager": Fixed
+---
+
+IAM: Enable account_viewer to access IAM User Details, User Roles and User Entities ([#13194](https://github.com/linode/manager/pull/13194))
diff --git a/packages/manager/src/features/IAM/Shared/AssignedRolesTable/AssignedRolesTable.tsx b/packages/manager/src/features/IAM/Shared/AssignedRolesTable/AssignedRolesTable.tsx
@@ -262,6 +262,7 @@ export const AssignedRolesTable = () => {
             ) : (
               <TableCell sx={{ display: { sm: 'table-cell', xs: 'none' } }}>
                 <AssignedEntities
+                  disabled={!permissions.is_account_admin}
                   onButtonClick={handleViewEntities}
                   onRemoveAssignment={handleRemoveAssignment}
                   role={role}
diff --git a/packages/manager/src/features/IAM/Users/UserDetails/UserProfile.tsx b/packages/manager/src/features/IAM/Users/UserDetails/UserProfile.tsx
@@ -19,22 +19,31 @@ import { UsernamePanel } from './UsernamePanel';
 
 export const UserProfile = () => {
   const { username } = useParams({ from: '/iam/users/$username' });
-  const { data: permissions } = usePermissions('account', ['is_account_admin']);
+  const { data: permissions } = usePermissions('account', [
+    'is_account_admin',
+    'view_account',
+  ]);
 
   const isAccountAdmin = permissions?.is_account_admin;
 
   const {
     data: user,
     error,
     isLoading,
-  } = useAccountUser(username ?? '', isAccountAdmin);
-  const { data: assignedRoles } = useUserRoles(username ?? '', isAccountAdmin);
+  } = useAccountUser(
+    username ?? '',
+    isAccountAdmin || permissions?.view_account
+  );
+  const { data: assignedRoles } = useUserRoles(
+    username ?? '',
+    isAccountAdmin || permissions?.view_account
+  );
 
   if (isLoading) {
     return <CircleProgress />;
   }
 
-  if (!isAccountAdmin) {
+  if (!(isAccountAdmin || permissions?.view_account)) {
     return (
       <Notice variant="error">
         You do not have permission to view this user&apos;s details.
diff --git a/packages/manager/src/features/IAM/Users/UserEntities/UserEntities.test.tsx b/packages/manager/src/features/IAM/Users/UserEntities/UserEntities.test.tsx
@@ -156,6 +156,7 @@ describe('UserEntities', () => {
     queryMocks.usePermissions.mockReturnValue({
       data: {
         is_account_admin: false,
+        view_account: false,
       },
     });
 
diff --git a/packages/manager/src/features/IAM/Users/UserEntities/UserEntities.tsx b/packages/manager/src/features/IAM/Users/UserEntities/UserEntities.tsx
@@ -23,16 +23,22 @@ import { NoAssignedRoles } from '../../Shared/NoAssignedRoles/NoAssignedRoles';
 export const UserEntities = () => {
   const theme = useTheme();
   const { username } = useParams({ from: '/iam/users/$username' });
-  const { data: permissions } = usePermissions('account', ['is_account_admin']);
+  const { data: permissions } = usePermissions('account', [
+    'is_account_admin',
+    'view_account',
+  ]);
   const {
     data: assignedRoles,
     isLoading,
     error: assignedRolesError,
-  } = useUserRoles(username ?? '', permissions?.is_account_admin);
+  } = useUserRoles(
+    username ?? '',
+    permissions?.is_account_admin || permissions?.view_account
+  );
 
   const { error } = useAccountUser(
     username ?? '',
-    permissions?.is_account_admin
+    permissions?.is_account_admin || permissions?.view_account
   );
 
   const hasAssignedRoles = assignedRoles
@@ -43,7 +49,7 @@ export const UserEntities = () => {
     return <CircleProgress />;
   }
 
-  if (!permissions?.is_account_admin) {
+  if (!(permissions?.is_account_admin || permissions?.view_account)) {
     return (
       <Notice variant="error">
         You do not have permission to view this user&apos;s entities.
diff --git a/packages/manager/src/features/IAM/Users/UserRoles/AssignedEntities.tsx b/packages/manager/src/features/IAM/Users/UserRoles/AssignedEntities.tsx
@@ -9,6 +9,7 @@ import type { CombinedEntity, ExtendedRoleView } from '../../Shared/types';
 import type { AccountRoleType, EntityRoleType } from '@linode/api-v4';
 
 interface Props {
+  disabled?: boolean;
   onButtonClick: (roleName: AccountRoleType | EntityRoleType) => void;
   onRemoveAssignment: (entity: CombinedEntity, role: ExtendedRoleView) => void;
   role: ExtendedRoleView;
@@ -18,6 +19,7 @@ export const AssignedEntities = ({
   onButtonClick,
   onRemoveAssignment,
   role,
+  disabled,
 }: Props) => {
   const theme = useTheme();
 
@@ -54,13 +56,17 @@ export const AssignedEntities = ({
       >
         <Chip
           data-testid="entities"
-          deleteIcon={<CloseIcon data-testid="CloseIcon" />}
+          deleteIcon={
+            disabled ? undefined : <CloseIcon data-testid="CloseIcon" />
+          }
           label={
             entity.name.length > 30
               ? `${entity.name.slice(0, 20)}...`
               : entity.name
           }
-          onDelete={() => onRemoveAssignment(entity, role)}
+          onDelete={
+            disabled ? undefined : () => onRemoveAssignment(entity, role)
+          }
           sx={{
             backgroundColor:
               theme.name === 'light'
diff --git a/packages/manager/src/features/IAM/Users/UserRoles/UserRoles.tsx b/packages/manager/src/features/IAM/Users/UserRoles/UserRoles.tsx
@@ -22,18 +22,24 @@ import { NoAssignedRoles } from '../../Shared/NoAssignedRoles/NoAssignedRoles';
 
 export const UserRoles = () => {
   const { username } = useParams({ from: '/iam/users/$username' });
-  const { data: permissions } = usePermissions('account', ['is_account_admin']);
+  const { data: permissions } = usePermissions('account', [
+    'is_account_admin',
+    'view_account',
+  ]);
   const theme = useTheme();
 
   const {
     data: assignedRoles,
     isLoading,
     error: assignedRolesError,
-  } = useUserRoles(username ?? '', permissions?.is_account_admin);
+  } = useUserRoles(
+    username ?? '',
+    permissions?.is_account_admin || permissions?.view_account
+  );
 
   const { error } = useAccountUser(
     username ?? '',
-    permissions?.is_account_admin
+    permissions?.is_account_admin || permissions?.view_account
   );
 
   const hasAssignedRoles = assignedRoles
@@ -45,7 +51,7 @@ export const UserRoles = () => {
     return <CircleProgress />;
   }
 
-  if (!permissions?.is_account_admin) {
+  if (!(permissions?.is_account_admin || permissions?.view_account)) {
     return (
       <Notice variant="error">
         You do not have permission to view this user&apos;s roles.

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@linode/manager": Fixed
 +---
++
 +IAM: Enable account_viewer to access IAM User Details, User Roles and User Entities ([#13194](https://github.com/linode/manager/pull/13194))