Bug 1023408
Summary: | The return message is improper when trying to delete the owner of the domain | ||
---|---|---|---|
Product: | OpenShift Online | Reporter: | Qiushui Zhang <qiuzhang> |
Component: | Master | Assignee: | Jordan Liggitt <jliggitt> |
Status: | CLOSED WONTFIX | QA Contact: | libra bugs <libra-bugs> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 2.x | CC: | dmcphers, jliggitt, xtian |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-01-20 15:46:20 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Qiushui Zhang
2013-10-25 11:16:51 UTC
It happens on INT (devenv_3942). Membership can occur directly or indirectly. Currently, the only way membership can be granted indirectly is that the domain owner always has admin access. In the future, giving a group access to a domain would give all the members of the group indirect access to the domain. The message returned from DELETE is correct. Is removing the owner of a domain allowed? DELETE will return a 200 on any user id if the end result is that the user does not have an explicit membership on the domain (either because they didn't have one, or because we successfully removed it). Removing the explicit membership for the domain owner (if there is one) is allowed. The owner will still have access by virtue of them being the owner. This mirrors the eventual behavior we will have around groups. |