Description
Setup
- Rancher version: 2.6.2
- Browser type & version: Chrome, Version 95.0.4638.54 (Official Build) (x86_64)
Describe the bug
A user who is assigned the clusterRole monitoring-ui-view should be able to click and open the URLs for Alertmanager, Grafana, Prometheus, etc. in the Monitoring Dashboard page in Cluster Explorer.
To Reproduce
Steps:
- as admin, create a downstream cluster and enable monitoring v2
- as admin, create a local user user1 and assign it to be project-member of a project p1 in the cluster
- as admin, create the clusterRoleBinding (monitoring-ui-view, user-1)
- log in as user-1, go to the cluster explorer UI -> monitoring tab
Result
- links on the monitoring dashboard are greyed out and not clickable
- but user-1 can open the Grafana/Prometheus/etc. URLs provided by the admin
Expected Result
These links should be available.
Screenshots
There is one failed call in the traffic:
Request URL: https://xxx.xxx.xx.xx/k8s/clusters/c-7nm22/v1/endpoints/cattle-monitoring-system/rancher-monitoring-alertmanager
Request Method: GET
Status Code: 403 Forbidden
Getting the endpoint for Alertmanager in the cattle-monitoring-system namespace is not needed for showing the links. Somehow the UI is trying to get some unnecessary resources which makes the links unavailable?
Update 1:
New tests show that:
- the UI works as expected (links are available) when the user is assigned the view monitoring role via the old cluster management UI, but does not work if the clusterRoleBinding (monitoring-ui-view, user-1) is created via kubectl.
- in both cases, the UI sends a GET request to v1/endpoints/cattle-monitoring-system/rancher-monitoring-alertmanager, which fails with 403 Forbidden.