Bug 1304608

Summary: [RFE] Manager and viewer role do not contain permissions for katello, rex and other plugins actions
Product: Red Hat Satellite Reporter: Komal <kshravag>
Component: Users & RolesAssignee: Ondřej Pražák <oprazak>
Status: CLOSED ERRATA QA Contact: Renzo Nuccitelli <rnuccite>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1.6CC: bkearney, dlobatog, ehelms, jbhatia, jcallaha, jyejare, mhulan, oprazak, peter.vreman, pmutha, rnuccite, sjagtap, xdmoon
Target Milestone: UnspecifiedKeywords: FutureFeature, Triaged
Target Release: Unused   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-21 12:33:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 260381, 1122832, 1373844, 1479962    
Attachments:
Description Flags
Manager's view - no content
none
Manager permissions 6.3 snap 13 - 1
none
Manager permissions 6.3 snap 13 - 2
none
Manager permissions 6.3 snap 13 - 3
none
Manager permissions 6.3 snap 13 - 4 none

Comment 9 Bryan Kearney 2016-07-08 20:21:10 UTC 
Per 6.3 planning, moving out non acked bugs to the backlog
Comment 11 Marek Hulan 2016-12-02 10:34:38 UTC 
*** Bug 1387240 has been marked as a duplicate of this bug. ***
Comment 12 Marek Hulan 2016-12-02 10:39:01 UTC 
Updating the subject of the BZ. The root cause is that Manager role does not contain Katello and possibly other plugins permissions. Rex defines it's own manager role but it would be better to have this in shared Manager role too.
Comment 13 Marek Hulan 2016-12-02 10:41:19 UTC 
Other plugins should be checked too, e.g. Insight,Openscap,Discovery
Comment 14 Marek Hulan 2016-12-02 10:41:38 UTC 
*** Bug 1279947 has been marked as a duplicate of this bug. ***
Comment 15 Ondřej Pražák 2017-01-04 17:24:59 UTC 
We will add permissions from plugins to Manager and Viewer + create plugin-specific roles to be consistent across all plugins. I'll go over plugins and start creating tickets.
Comment 16 Ondřej Pražák 2017-01-06 09:22:55 UTC 
Connecting redmine issue http://projects.theforeman.org/issues/17954 from this bug
Comment 17 Satellite Program 2017-01-10 15:16:17 UTC 
Upstream bug assigned to oprazak
Comment 22 Daniel Lobato Garcia 2017-08-30 08:40:22 UTC 
Failed verification.

Version tested - Satelite 6.3 snap 13.

The mechanisms to add roles to Manager are in place, and some plugins have added their own permissions to Manager. As you can see in the screenshots, Remote Execution, Discovery, OpenSCAP, etc.. permissions are available on the Manager.

However no Content permissions other than permissions of Content hosts have been added to Manager. This causes users with the Manager role to not be able to add products, sync content views, etc... as requested in the 1st comment of the BZ. 

I would say this is probably a candidate for a blocker of 6.3.
Comment 23 Daniel Lobato Garcia 2017-08-30 08:41:01 UTC 
Created attachment 1319935 [details]
Manager's view - no content
Comment 24 Daniel Lobato Garcia 2017-08-30 08:42:01 UTC 
Created attachment 1319936 [details]
Manager permissions 6.3 snap 13 - 1
Comment 25 Daniel Lobato Garcia 2017-08-30 08:43:26 UTC 
Created attachment 1319937 [details]
Manager permissions 6.3 snap 13 - 2
Comment 26 Daniel Lobato Garcia 2017-08-30 08:43:56 UTC 
Created attachment 1319938 [details]
Manager permissions 6.3 snap 13 - 3
Comment 27 Daniel Lobato Garcia 2017-08-30 08:44:25 UTC 
Created attachment 1319939 [details]
Manager permissions 6.3 snap 13 - 4
Comment 28 Daniel Lobato Garcia 2017-08-30 08:46:03 UTC 
Set this as 6.3 blocker to ensure we don't ship 6.3 without a Manager role that can't manage Content.
Comment 29 Marek Hulan 2017-08-30 10:51:32 UTC 
Daniel, this is already tracked under BZ 1473212. If you can see all the other permissions, I think this could be considered verified. If you prefer to verify it here as well, I suggest you remove FailedQA and move it to POST with fixed_in_version set to Katello 3.4.5.

The only plugin I'm aware of that is not yet released with the patch is foreman_bootdisk. The last released version 9.0.0 does not contain the patch, it's in master only.
Comment 30 Satellite Program 2017-08-31 08:16:54 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/17954 has been resolved.
Comment 31 Eric Helms 2017-09-14 01:29:01 UTC 
Daniel,

Please advise how you'd like this BZ to be treated so I can either move it to ON_DEV now or push it back to ASSIGNED.
Comment 32 Daniel Lobato Garcia 2017-10-02 09:15:39 UTC 
ON_DEV, as https://bugzilla.redhat.com/show_bug.cgi?id=1473212 shows it was fixed on Snap 14 https://github.com/Katello/katello/pull/6703.
Comment 33 Renzo Nuccitelli 2018-01-30 13:03:32 UTC 
I was able to create a user with Manager Role and access Content on Satellite 6.3 snap 34. Thus I am moving this VERIFIED
Comment 36 errata-xmlrpc 2018-02-21 12:33:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336