Description
After upgrading the self-hosted NetBird server from 0.69.0 to any 0.70.x version, regular users (role = user) can no longer see the peer list in the dashboard. They only see the single peer they personally registered. Rolling back to 0.69.0 immediately restores the correct behavior.
The WireGuard connections themselves continue to work fine — netbird status -d on the CLI shows all peers connected correctly. The issue is purely with the dashboard HTTP API returning an empty/restricted peer list for regular users.
Environment
- NetBird server version before upgrade: 0.69.0 (working)
- NetBird server version after upgrade: 0.70.5 (broken)
- Deployment type: Self-hosted, combined netbird-server container
- Store engine: PostgreSQL
- IdP: Embedded Dex with Google OAuth
- TLS: Disabled on server (reverse proxy handles TLS)
- Dashboard version: v2.37.1
Steps to Reproduce
- Run a self-hosted NetBird instance on 0.69.0 with regular users (role = user) who can see the peer list in the dashboard via group/policy membership
- Upgrade the netbird-server Docker image from 0.69.0 to 0.70.x
- Log into the dashboard as a regular user
- Navigate to the Peers page
Expected Behavior
Regular users should see all peers they have access to via group/policy membership, as they did in 0.69.0. This is the documented behavior:
“User role - has limited access to the account, allowing users to view peers they own and others they can connect to.” — https://docs.netbird.io/manage/team/add-users-to-your-network
Actual Behavior
Regular users only see the single peer they personally registered/own. All other peers — which they are connected to via group policies and can reach over WireGuard — are invisible in the dashboard.
The management server logs show repeated 403 permission denied errors for the regular user on every dashboard API call:
ERRO … HTTP response: GET /api/locations/countries status 403