Bug 1403008

Summary: User can see all cloud keypairs even if filtered by provider or tag
Product: Red Hat CloudForms Management Engine Reporter: Jon Jozwiak <jjozwiak>
Component: SecurityAssignee: Gregg Tanzillo <gtanzill>
Status: CLOSED DUPLICATE QA Contact: Dave Johnson <dajohnso>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.6.0CC: jhardy, jprause, jrafanie, kseifried, lpichler, obarenbo
Target Milestone: GA   
Target Release: cfme-future   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-13 12:07:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jon Jozwiak 2016-12-08 21:19:38 UTC 
Description of problem:
I have created a group within settings->configuration-> Access Control accordian.  In the groups configuration I restrict the 'Hosts/Nodes & Clusters/Deployment Roles' to only allow for a specific AWS provider.  In addition, I click on 'Red Hat Tags' and select a tag called Project->Project X.  This should only allow my user to see things tagged with 'Project X'.  

I log in with a user belonging to this group.  I click on 'Compute -> Clouds -> Key Pairs' and the used can see all key pairs for all cloud providers (even though none of them are tagged)

Version-Release number of selected component (if applicable):
cfme 5.6.3.3.20161128141841_49d925b 

How reproducible:


Steps to Reproduce:
1. Create multiple cloud providers (AWS/Azure in my case) with keypairs and add as providers in AWS.  
2. Validate you can see the providers and keypairs in the UI 
3. Create a group that has access only to one of the providers and is filtered by only a single tag.  Create a user and assign that group and a role.
4. Log into the UI with the user and go to Compute -> Clouds -> Key Pairs.  You will see keypairs from both providers even through none have the tag you assigned 

Actual results:
I can see every key pair

Expected results:
I can only see tagged key pairs 

Additional info:
Comment 2 Libor Pichler 2017-06-13 12:07:40 UTC 

*** This bug has been marked as a duplicate of bug 1441637 ***