Bug 1366205
| Summary: | [Admin Portal] Disable removal of system permissions from built-in 'Everyone' group | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Jiri Belka <jbelka> | ||||
| Component: | Frontend.WebAdmin | Assignee: | Ondra Machacek <omachace> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jiri Belka <jbelka> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 4.0.2.5 | CC: | bugs, jbelka, mperina, oourfali | ||||
| Target Milestone: | ovirt-4.1.0-beta | Flags: | rule-engine:
ovirt-4.1+
rule-engine: planning_ack+ mperina: devel_ack+ pstehlik: testing_ack+ |
||||
| Target Release: | 4.1.0.2 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
Cause:
Administrators are not able to add system permissions to the built-in group Everyone, such changes can be done only by engine database upgrade scripts. Unfortunately administrators were able to remove those systems permissions from Everyone group, which could cause irreversible changes affecting engine functionality.
Consequence:
Fix:
Result:
This fix disables removing system permissions from Everyone group, so administrators are not able to break their setup.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-02-01 14:39:07 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Jiri, do we have a possibility to add system permission to Everyone in 3.6? If so, we need to backport to 4.0.z. Also there's a workaround for that, administrator can use DataCenter permissions to assing a role for Everyone in that DC. It's not possible in 3.6 as well. ok, rhevm-4.1.0-0.3.beta2.el7.noarch Error while executing action: It's not allowed to remove system permissions assigned to built-in Everyone group |
Created attachment 1190002 [details] screenshot Description of problem: One can assing a role to Everyone per object but this is missing in System permissions' "Add" dialog, see screenshot. Thus it is not possible to assing a role - eg UserProfileEditor - to everyone. Version-Release number of selected component (if applicable): ovirt-engine-webadmin-portal-4.0.2.4-0.1.el7ev.noarch How reproducible: 100% Steps to Reproduce: 1. Configure -> System Permissions - click "Add" 2. Is there 'Everyone' checkbox? 3. Actual results: Everyone is missing in the dialog Expected results: should be there Additional info: