Back to bug 1511697

Who When What Removed Added
Yaniv Kaul 2017-11-09 22:14:39 UTC CC aperotti
Flags needinfo?(aperotti)
Andrea Perotti 2017-11-09 22:22:10 UTC Version 4.1.9 4.1.6
Flags needinfo?(aperotti)
Michal Skrivanek 2017-11-10 06:21:17 UTC CC michal.skrivanek
oVirt Team Virt Infra
Martin Perina 2017-11-10 13:33:55 UTC CC mperina
oVirt Team Infra SLA
Marina Kalinin 2017-11-10 20:00:41 UTC Keywords FutureFeature
CC mkalinin
Summary Unable to set permission on all but Hosted-Engine VM and Storage Domain [RFE]Unable to set permission on all but Hosted-Engine VM and Storage Domain
Severity unspecified high
Red Hat Bugzilla Rules Engine 2017-11-10 20:00:51 UTC Target Milestone --- ovirt-4.3.0
Andrea Perotti 2017-11-14 12:54:13 UTC Summary [RFE]Unable to set permission on all but Hosted-Engine VM and Storage Domain [RFE] Unable to set permission on all but Hosted-Engine VM and Storage Domain
Marina Kalinin 2017-11-15 15:23:20 UTC CC ylavi
Flags needinfo?(ylavi)
Yaniv Lavi 2017-11-19 14:03:52 UTC CC msivak
Flags needinfo?(ylavi) needinfo?(msivak)
Martin Sivák 2017-11-20 08:34:39 UTC Flags needinfo?(msivak)
Yaniv Kaul 2017-11-20 08:42:16 UTC Flags needinfo?(msivak)
Martin Sivák 2017-11-22 13:09:40 UTC Flags needinfo?(msivak) needinfo?(mperina)
Marina Kalinin 2017-12-07 18:50:33 UTC Blocks 1520566
Whiteboard rhv_cee_top50
Marina Kalinin 2017-12-07 18:52:28 UTC Whiteboard rhv_cee_top50
Chris Van Hoof 2017-12-07 19:06:02 UTC Blocks 1523346
Igor Netkachev 2017-12-08 12:58:51 UTC CC inetkach
Marina Kalinin 2018-02-21 01:18:14 UTC Blocks 1520566
PnT Account Manager 2018-07-18 15:37:15 UTC CC rbalakri
Olimp Bockowski 2018-09-13 08:12:22 UTC CC obockows
Flags needinfo?(mperina)
Yaniv Kaul 2018-09-13 08:13:25 UTC CC ykaul
PnT Account Manager 2018-11-05 23:00:05 UTC CC ylavi
Ryan Barry 2018-11-14 10:46:58 UTC CC rbarry
oVirt Team SLA Integration
Martin Perina 2018-11-14 11:53:41 UTC oVirt Team Integration Infra
Martin Perina 2019-01-09 11:14:41 UTC Assignee nobody rnori
Martin Perina 2019-01-15 10:45:59 UTC Target Milestone ovirt-4.3.0 ovirt-4.3.1
Flags needinfo?(mperina) needinfo?(mperina)
Red Hat Bugzilla Rules Engine 2019-01-15 10:46:02 UTC Target Release --- 4.3.0
Ravi Nori 2019-02-01 18:56:39 UTC Assignee rnori emesika
Moran Goldboim 2019-02-05 12:44:48 UTC CC mgoldboi
Eli Mesika 2019-02-19 10:46:18 UTC Status NEW POST
Link ID oVirt gerrit 97689
Doc Text Feature:
Enable only super-users to perform operations on Hosted Engine resources, giving a clear error for non authorized acess

Reason:
Hosted Engine VM and storage domain/s are special resources

Result:
If a user try to access a Hosted Engine resource without being a super-user, the operation will fail with a clear error message
Doc Type If docs needed, set a value Enhancement
Lukas Svaty 2019-02-20 11:59:42 UTC CC lsvaty
QA Contact mavital lleistne
Lucie Leistnerova 2019-02-20 16:29:11 UTC QA Contact lleistne pmatyas
Martin Perina 2019-02-21 11:26:00 UTC Status POST MODIFIED
CC apinnick
Doc Text Feature:
Enable only super-users to perform operations on Hosted Engine resources, giving a clear error for non authorized acess

Reason:
Hosted Engine VM and storage domain/s are special resources

Result:
If a user try to access a Hosted Engine resource without being a super-user, the operation will fail with a clear error message 		In the previous RHV Manager versions all administrators who have privileges for cluster, where hosted engine was running was able to perform operations on hosted engine VM, which sometimes lead to breakages.

From RHV Manager 4.3 only administrators who has SuperUser role assigned can manipulate hosted engine VM and its storage.

This change should be mentioned in documentation, but I think it's also worth to mention that in release notes (administrators without SuperUser role won't be able to manage hosted engine VM after upgrade to RHVM 4.3).
Doc Type Enhancement Release Note
Avital Pinnick 2019-02-21 13:11:40 UTC Doc Text In the previous RHV Manager versions all administrators who have privileges for cluster, where hosted engine was running was able to perform operations on hosted engine VM, which sometimes lead to breakages.

From RHV Manager 4.3 only administrators who has SuperUser role assigned can manipulate hosted engine VM and its storage.

This change should be mentioned in documentation, but I think it's also worth to mention that in release notes (administrators without SuperUser role won't be able to manage hosted engine VM after upgrade to RHVM 4.3). 		Previously, an admininistrator with the `ClusterAdmin` role was able to modify the self-hosted engine virtual machine, which could cause damage. In the current release, only a `SuperUser` can modify a self-hosted engine and its storage domain.
errata-xmlrpc 2019-02-21 17:25:07 UTC Status MODIFIED ON_QA
Petr Matyáš 2019-02-25 11:42:12 UTC Status ON_QA VERIFIED
Rolfe Dlugy-Hegwer 2019-03-01 17:37:32 UTC CC rdlugyhe
Doc Text Previously, an admininistrator with the `ClusterAdmin` role was able to modify the self-hosted engine virtual machine, which could cause damage. In the current release, only a `SuperUser` can modify a self-hosted engine and its storage domain. Previously, an administrator with the `ClusterAdmin` role was able to modify the self-hosted engine virtual machine, which could cause damage. In the current release, only a `SuperUser` can modify a self-hosted engine and its storage domain.
Gil Klein 2019-04-14 12:34:10 UTC CC gklein
errata-xmlrpc 2019-04-30 00:05:47 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2019-05-08 12:36:48 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2019-05-08 12:36:48 UTC
errata-xmlrpc 2019-05-08 12:37:12 UTC Link ID Red Hat Product Errata RHEA-2019:1085

Back to bug 1511697