Bug 1305158
Summary: | Issues with RBAC filtering using the REST API | |||
---|---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Aparna Karve <akarve> | |
Component: | API | Assignee: | abellott | |
Status: | CLOSED WORKSFORME | QA Contact: | Taras Lehinevych <tlehinev> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 5.5.0 | CC: | cpelland, dajohnso, dclarizi, jhardy, jprause, jrafanie, nachandr, obarenbo | |
Target Milestone: | GA | Keywords: | ZStream | |
Target Release: | 5.7.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | api:rest:rbac | |||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1306721 1346974 (view as bug list) | Environment: | ||
Last Closed: | 2016-06-20 20:17:45 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1306721, 1346974 |
Description
Aparna Karve
2016-02-05 21:06:57 UTC
This may be resolved with Tim's PR https://github.com/ManageIQ/manageiq/pull/6651 on upstream where we added role identifiers to read actions (e.g. GET), so users of self service group/role would get the list of services and users of desktop groups/role will be getting a 403 (forbidden) Aparna, can you confirm and let us know ? RBAC for API Services in 5.6 |