User with write capabilities on namespace cannot view task filesystem via UI, but can via CLI

[msherman13]

Nomad version

Nomad v1.10.0
BuildDate 2025-04-09T16:40:54Z
Revision e26a2bd2acac2dcdcb623f4d293bac096beef478

Operating system and Environment details

Rocky 9

Issue

For users that are permissioned on a namespace with write capabilities (see ACL policy below), they can access the task filesystem via CLI but not UI.

namespace "my_namespace" {
  policy = "write"

  variables {
    path "*" {
      capabilities = ["write", "read", "destroy", "list"]
    }   
  }
}

Reproduction steps

User tries to open the Files tab of a running task

Expected Result

Files in the task filesystem are shown

Actual Result

"Not Authorized" error in the UI. However, user is able to navigate the filesystem and display file content via CLI i.e. nomad alloc fs -namespace my_namespace <alloc_id>.

[tgross]

@msherman13 can you double-check that your policy meets the guidelines in the Configure ACLs for Web UI section of the docs? Typically the web UI is going to need read access to agent and node (the web UI hits a richer set of endpoints than the CLI does).