Description of problem: We've got some unnecessary global roles, a couple that need combining, and we should remove most of the default user permission assignments Delete the following roles: Global Provider Creator Global Pool Creator Combine the following roles into Global Pool User: Global Deployable User Global Catalog User Global Pool User Remove the all default permission assignments for new users except for 'Global HWP User' (admins will assign users to appropriate environments and pools):
One modification. For now we're sticking with the Pool User role on the 'Default' Pool -- and _adding_ 'Pool Family User' on the default pool family for new users.
Patch on-list here: https://fedorahosted.org/pipermail/aeolus-devel/2012-March/009446.html minor change to overrides/en.yml for internal repo as well (removal of obsolete entries)
*** Bug 798120 has been marked as a duplicate of this bug. ***
patch posted to master at: d3eb97aa67b753a6953427ddb94902f46034ba6c bug is MODIFIED but the internal patch isn't yet pushed (depends on the external one being moved over first)
internal patch posted to 1.0-product: 80092dfaf0290d83854720c27f0e68f3cb082d77
As per the description:- Deleting the following roles: Global Provider Creator Global Pool Creator ===> global zone Creator above roles are not an option in the drop-down box for global roles grants.so this requirement is complete. Combine the following roles into Global Pool User: Global Deployable User==>Global application User Global Catalog User Global Pool User ==>Global Zone User Global Zone User is the only available option in the drop-down box for global roles grants.This role is able to preform catalog and application user tasks like:- 1. Can view,use,launch,stop,restart any Deployable 2. Can view any catalog 3. Can view any zone,create new instances in any zone,create new application in any zone,view Quota usage for any zone. Marking the bug as verified based on above observation.
More observation on default permissions:- 1.any new user is assigned the "Global Profile User " by default,as per the description of the problem. 2.Default Cloud assigns "Cloud User" role to every new user. 3.Default Cloud Zone assigns "Zone User" role to every new user. 2-3 is as per the requirement specified in comment#1 So all requirements are fulfilled and hence bug is verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-0583.html