Bug 1192484
| Summary: | user with limited rights can see Content -> Errata menu item but it produces "403 - Permission Denied" page only | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Jan Hutař <jhutar> | ||||
| Component: | Users & Roles | Assignee: | Eric Helms <ehelms> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Corey Welton <cwelton> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.1.0 | CC: | bkearney, cwelton, jhutar, jmontleo, sthirugn | ||||
| Target Milestone: | Unspecified | Keywords: | Triaged | ||||
| Target Release: | Unused | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| URL: | http://projects.theforeman.org/issues/10147 | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-08-12 05:25:36 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. I am not able to reproduce this with the latest. I have followed the reproducer and I can still see "Content -> Errata" when logged in as "user1" Testing this on latest I am not able to reproduce this issue. This does indeed stil take place in Satellite-6.1.0-RHEL-6-20150310.0 Adding the specific roles as referenced in initial report, and creating a user which has those roles only, I get top-level menu items of Monitor Content Within Content, there is definitely an Errata tab, which leads to a 403. Will be attaching a screenshot Created attachment 1000623 [details]
screenshot in compose6
Verified in Satellite-6.1.0-RHEL-7-20150424.0 This bug is slated to be released with Satellite 6.1. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:1592 |
Description of problem: User with limited rights can see Content -> Errata menu item but it produces "403 - Permission Denied" page only. Context "Default Organization@Default Location" is selected. Version-Release number of selected component (if applicable): Satellite-6.1.0-RHEL-6-20150210.0-Satellite-x86_64 How reproducible: always Steps to Reproduce: 1. created a role "role1" via admin user 2. added following permissions to "role1": content-view resource type - create, view and publish CV product resource type - view product activation-key resource type - create, update, destroy, view lifecycle env resource type - view 3. created a user user1 and assign role1 to this user 4. logout with admin and login with user1 Actual results: One of the items user1 can see in menu "Content" is "Errata". Clicking on it generates 403 http error page 403 - Permission Denied You are not authorised to perform this action. Please request the required privileges from an administrator. Expected results: "Errata" menu item should not be there. Additional info: Probably not all of the permissions from 2nd step of "Steps to Reproduce" are needed to reproduce, but this was reported when testing bug 1112234 and I had this setup handy.