| Summary: | CloudForms 4.1 Child tenants are allowed to view other child tenants Service Requests | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | myoder | ||||
| Component: | Appliance | Assignee: | Libor Pichler <lpichler> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavol Kotvan <pakotvan> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 5.6.0 | CC: | abellott, bascar, cpelland, gtanzill, jhardy, lpichler, obarenbo, simaishi | ||||
| Target Milestone: | GA | Keywords: | TestOnly, ZStream | ||||
| Target Release: | 5.9.0 | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Whiteboard: | tenant | ||||||
| Fixed In Version: | 5.9.0.1 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1461513 (view as bug list) | Environment: | |||||
| Last Closed: | 2018-03-06 15:52:46 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1461513 | ||||||
| Attachments: |
|
||||||
Gregg, I am wondering if MiqRequest should be included in list here https://github.com/ManageIQ/manageiq/blob/master/lib/rbac/filterer.rb#L8 Let me know. Thanks, ~Harpreet |
Created attachment 1200613 [details] Screenshot of Tenant viewing Service Request of another tenant 4.1 Description of problem: A child tenant is allowed to see other child tenants Service Requests Version-Release number of selected component (if applicable): CloudForms 4.1 How reproducible: Always Steps to Reproduce: 1. Have a child tenant named Customer C make a Service Request 2. Login as an admin child tenant named Customer A. 3. Go to Services -> Requests and view the Service Requests made by child tenant Customer C. Actual results: Customer A child tenant is allowed to see the names of other child tenants that have made a Service Request. Expected results: Customer A child tenant should not see the names of other child tenants that have made a Service Request Additional info: