Red Hat Bugzilla – Full Text Bug Listing
|Summary:||[RFE] Predefined role which is equivalent of ORG ADMIN|
|Product:||Red Hat Satellite 6||Reporter:||Rishi <rjain>|
|Component:||Users & Roles||Assignee:||Marek Hulan <mhulan>|
|Status:||CLOSED ERRATA||QA Contact:||Renzo Nuccitelli <rnuccite>|
|Version:||6.1.1||CC:||aladke, aperotti, asahni, bbuckingham, bkearney, daniele, dcaplan, egolov, fgarciad, hjensas, howey.vernon, johan.bergstrom, jswensso, jyejare, ktordeur, mhulan, mmccune, orabin, oshtaier, pmutha, riehecky, rnuccite, robert.miyata, sokeeffe, sreber, ssherkar, xdmoon|
|Target Milestone:||GA||Keywords:||FutureFeature, Triaged|
|Fixed In Version:||Doc Type:||Enhancement|
|Doc Text:||Story Points:||---|
|Last Closed:||2018-02-21 07:30:53 EST||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
|Bug Blocks:||1296845, 1353215|
Comment 4 Bryan Kearney 2015-11-13 11:35:50 EST
*** Bug 1280468 has been marked as a duplicate of this bug. ***
Comment 6 Mike McCune 2016-01-14 00:38:19 EST
A first pass at a temporary script to create a single Role for every Organization with all permissions assigned to this role *except* the ability to create other Organizations as well as modify Roles can be found here: http://people.redhat.com/~mmccune/create_org_admins.rake To run this utility do the following: 1) Download to your Satellite 6.1 system: # curl http://people.redhat.com/~mmccune/create_org_admins.rake > /usr/share/foreman/lib/tasks/create_org_admins.rake 2) Execute the script: # foreman-rake create_org_admins Creating Roles for every Organization with all Permissions except Organization and Role objects. ** Creating ROLE: Org Admin - Default Organization ** Adding Filters to ROLE: Org Admin - Default Organization ** Creating ROLE: Org Admin - Org333 ** Adding Filters to ROLE: Org Admin - Org333 ** Creating ROLE: Org Admin - The Demo Org Auto ** Adding Filters to ROLE: Org Admin - The Demo Org Auto Done creating new Roles with all Filters and Permissions except Organization and Role objects. 3) This will create a single Role for each Organization on the Satellite. Each Role will have all permissions except for Organization and Role objects assigned to it with no scoped filtering on specific objects. This will allow users scoped to a single Organization with this Role have the ability to act as an Admin but only be able to modify objects within that Organization. This is a First Draft of this script and is open to modification and suggestions.
Comment 7 Bryan Kearney 2016-02-11 11:46:53 EST
*** Bug 1301900 has been marked as a duplicate of this bug. ***
Comment 9 Johan Bergström 2016-04-14 08:08:58 EDT
ORG admin will probably need access to manifest and subscription management for their own org, which is part of organization resource type. Adding org resource with delete_manifest, import_manifest, unattach_subscriptions, attach_subscriptions, view_subscriptions filters does the trick.
Comment 10 Johan Bergström 2016-04-14 08:45:46 EDT
ORG admin has access to full audittrails for all organizations per default. ORG admin can see and modify tasks for all organizations - this is bad.
Comment 11 orabin 2016-05-24 01:07 EDT
Created attachment 1160873 [details] create_org_admins script
Comment 12 orabin 2016-05-24 01:13:25 EDT
I added Mike's script with some changes that should remove permissions to see other orgs when editing permissions. This version was created by Tom Caspy on Feb 8th.
Comment 13 Bryan Kearney 2016-07-08 16:19:14 EDT
Per 6.3 planning, moving out non acked bugs to the backlog
Comment 16 Bryan Kearney 2016-07-28 04:09:15 EDT
Upstream bug component is Users & Roles
Comment 18 Bryan Kearney 2016-08-26 06:10:07 EDT
Moving to POST since upstream bug http://projects.theforeman.org/issues/7806 has been closed
Comment 21 Renzo Nuccitelli 2016-11-15 08:20 EST
Created attachment 1220833 [details] Roles with Taxonomy Association
Comment 22 Renzo Nuccitelli 2016-11-15 08:22:12 EST
Now Roles can be associated with taxonomies (screen attached). Verified on sat 6.3.0 snap 6.
Comment 26 errata-xmlrpc 2018-02-21 07:30:53 EST
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336