Bug 1302431
Summary: | partial inventory when using sub-tenant | ||
---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Josh Carter <jocarter> |
Component: | Appliance | Assignee: | Libor Pichler <lpichler> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavol Kotvan <pakotvan> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.5.0 | CC: | abellott, dajohnso, gtanzill, jhardy, jocarter, jrafanie, obarenbo |
Target Milestone: | GA | ||
Target Release: | 5.6.0 | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | tenant | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-02-29 21:34:12 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Josh Carter
2016-01-27 21:20:36 UTC
Assigning to add test case Josh, the visibility rules per class is found here: https://github.com/ManageIQ/manageiq/blob/62477b802b2ea7eead99bd78fdf9cebcc7473702/app/models/rbac.rb#L59-L70 Can you clarify exactly what setup you have in terms of a tree what objects you have, providers/ems/vm/templates and what tenant/group they belong to? A sub-tenant should only be able to see "ExtManagementSystem", "MiqAeNamespace", "MiqTemplate", "Provider", "ServiceTemplateCatalog", "ServiceTemplate", etc. (the keys with a value of :ancestor_ids). Of course, the sub-tenant will of course see all of it's own things, but above is for the class of objects owned by a parent tenant that are visible from the child tenant. Please retest with 5.5.2. There was a fix made to address visibility of templates owned by the parent tenant. Users should be able to see the templates owned by the current tenant and parent tenants only. But, see VMs owned by current tenant and child tenants only. |