Bug 1290732

Summary: [RFE] Allow a user to be part of different groups
Product: Red Hat CloudForms Management Engine Reporter: Sergio Ocón-Cárdenas <soconcar>
Component: UI - OPSAssignee: John Hardy <jhardy>
Status: CLOSED WONTFIX QA Contact: Dave Johnson <dajohnso>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.5.0CC: hkataria, jhardy, mpovolny, nachandr, obarenbo
Target Milestone: GAKeywords: FutureFeature
Target Release: cfme-future   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: ui:tenant_cfme
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-28 15:04:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sergio Ocón-Cárdenas 2015-12-11 09:20:26 UTC 
Description of problem:
When creating a user, it can only belong to a single project, however, a user should belong to different projects as he won't possible work in a single organization/project

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Create a tenant with a two projects
2. Create a group
3. Add a user to the group

Actual results:
The user can only be part of one group -> one tenant

Expected results:
As an administrator, I want to associate users to different projects, as the user will likely be part of several of them (i.e. demos + infrastructure + development), without the need of creating different users.
The user should be part of different projects. Tenants can be associated to one user, but projects should be added to the profile so a user can choose project (taht should be reflected in the GUI).
Something like Unix groups should be better: having a principal group and then a secondary groups, being able to choose which one is used each time trough a visual clue in the Patternfly utility links space

Additional info:
With the current definition, a project has no further value than a tenant. With this RFE, a tenant would split resources, and a project would be an administrative way of associating resources, creating quotas, associating specific automatic controls, etc.
Comment 2 Sergio Ocón-Cárdenas 2016-05-09 13:40:33 UTC 
This could aslo include the following feature:

- A user can be part of Department A/B/C.
- User in all departments can change things in development
- Only users of department C can change things in production.

For instance, only ops can start and stop a machine, and visibility for other groups should be restricted.

RBAC then should allow:
- A customer to be part of different groups, so a group can give read access to production, and another full access to production and development.
- Buttons and dialogues should be adapted to it.
- Visibility and RBAC are related but not linked. A user can see the same VM than another and not being able to update it
Comment 5 Chris Pelland 2017-08-28 15:04:12 UTC 
This bug has been open for more than a year and is assigned to an older release of CloudForms. 
If you would like to keep this Bugzilla open and if the issue is still present in the latest version of the product, please file a new Bugzilla which will be added and assigned to the latest release of CloudForms.