Bug 1379437

Summary: CFME 4.1 Ownership of Virtual Machine Group Filtering Problem
Product: Red Hat CloudForms Management Engine
Reporter: myoder
Component: Appliance
Assignee: Libor Pichler <lpichler>
Status: CLOSED NOTABUG
QA Contact: Pavol Kotvan <pakotvan>
Severity: high
Docs Contact:
Priority: high
Version: 5.6.0
CC: abellott, dajohnso, gblomqui, jhardy, mfeifer, myoder, obarenbo, yrudman
Target Milestone: GA
Target Release: 5.7.0
Hardware: Unspecified
OS: Unspecified
Whiteboard: tenant
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-06-23 18:11:28 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core
Target Upstream Version:

Description myoder 2016-09-26 18:09:35 UTC
Description of problem: 

1) Setting group ownership based on tenants does not work.  When applied for a sub-tenant, the sub-tenant cannot view the VMs associated with its tenant group.

2) When a child tenant switches the ownership from its parent, the owner field is set at <No Owner>.  But if a parent switches the ownership from the child tenant, the child tenant name is in the owner field. 


Version-Release number of selected component (if applicable): CFME 4.1


How reproducible:


Steps to Reproduce:
1. Create a user belonging to a sub-tenant named Magic.
2. Set group ownership to "Tenant My Company/Magic access"
3. Tenant belonging to Magic cannot see VMs owned by group "Tenant My Company/Magic access"

Actual results: Tenant cannot see VMs its group owns.


Expected results: Tenant should be able to view VMs its group belongs to.


Additional info:

Comment 4 Libor Pichler 2017-05-22 12:00:35 UTC
I was not able to reproduce point 1. When I assigned the group to the VM, the user was able to see it.
Concretely:

Tenant Structure:
My Company ->
 Tenant1 ->
    SubTenant1 

Groups :
   GroupSubTenant1 (tenant: SubTenant1 )
    
User: 
U1 (in group: GroupSubTenant1, role: any created by me with VM & Template Access Restriction: Only User or Group Owned)

With the admin user I set the following on VM1 in the `set ownership screen`:
Select a Group: SubTenant1

Then, when I logged in with user U1, I was able to see VM1 (but I was able to change ownership to groups, though only to my groups).

Is the setting the same on your side?

But according to Comment 2, I think there is a different case which is needed:

The customer is requesting that when user U1 is seeing templates from the parent tenant, we should not do operations like changing ownership on a template which is not directly owned by the user or the user's group (assigned previously in the `set ownership screen`).

If so, this is an RFE.