UI - user can't delete secret under specific path

[lukpep]

Describe the bug
user with policy:

path "app-secrets/data/application_1/*" {
  capabilities = ["create", "update", "read", "delete", "list"]
}

# required so that users can navigate in the UI - related to https://github.com/hashicorp/vault/issues/5362
path "app-secrets/*" {
  capabilities = ["list"]
}

is able to create and edit secrets (as expected) only under application_1 path in app-secrets engine. Delete is not possible - option is missing in UI menu:

only after I add this to a user policy:

path "app-secrets/*" {
  capabilities = ["delete"]
}

option in UI appears:

To Reproduce
create user with the above policy and verify options available in the UI

Expected behavior
Users should be allowed to delete secrets under the specific paths with this first policy.

Environment:

• Vault Server Version 1.8.4
• Vault CLI Version Vault v1.8.4 (925bc65)
• Server Operating System/Architecture: K8s linux x86

[hsimon-hashicorp]

Hi @lukpep! This is fixed in version 1.9. It was not backported to 1.8, because so much work went into the kv revamp in 1.9 that it would have been difficult to get all of those updates in 1.8. Please try 1.9 and let me know if it fixes the issue for you. Thanks!

[lukpep]

Yep - upgraded my clusters and now it works as expected ;-) Thank You!
Although #5362 is still there - the user has to be able to list all secret paths / or now exactly what to look for:

[hsimon-hashicorp]

Thanks @lukpep! We'll keep looking for ways to make the kv v2 experience better. Really appreciate your time! :)