| Summary: | EVERYONE user is added twice when creating a new disks profile | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Roman Mohr <rmohr> | ||||
| Component: | BLL.Storage | Assignee: | Martin Sivák <msivak> | ||||
| Status: | CLOSED DEFERRED | QA Contact: | Petr Matyáš <pmatyas> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 3.6.2.1 | CC: | bugs, dfediuck, mavital, mgoldboi, michal.skrivanek, pstehlik | ||||
| Target Milestone: | --- | Flags: | sbonazzo:
ovirt-4.2-
sbonazzo: ovirt-4.3- |
||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-07-04 10:21:15 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | SLA | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
So the default profile currently gets: user admin and role Superuser user EVERYONE with role DiskProfileEditor Every new profile gets user admin and role Superuser user EVERYONE with role DiskProfileEditor user EVERYONE with role DiskProfileUser It might be more correct to have these permissions on the default policy: user admin and role Superuser user <CREATOR> with role DiskProfileEditor user EVERYONE with role DiskProfileUser New profiles should have: user admin and role Superuser user <CREATOR> with role DiskProfileEditor to make it an explicit decision if new profiles should be available for everyone. Roman note that not every user is a creator. For example if I'm an end user (student), I may not be able to create a (disk, vNIC, VM), but I should still be able to consume one or more profiles based on my permissions (including any LDAP group I belong to). doesn't seem interesting enough, no complaints anywhere, low severity Please reopen if still interesting |
Created attachment 1113906 [details] diks profile permission screenshot Description of problem: EVERYONE user is assigned two times to a new disk profile Version-Release number of selected component (if applicable): How reproducible: Create a disk profile and check it's permissions by clicking on it (see attached screenshot) Steps to Reproduce: 1. Create an additional disk profile 2. Click on it in Storage->Disk Profiles->'profile name' 3. Look at the permissions Actual results: EVERYONE user is visible two times Expected results: EVERYONE user should only be there once Additional info: