Bug 1426957

Summary: Roles not properly reflected on AD users
Product: Red Hat Satellite Reporter: Paul Dudley <pdudley>
Component: LDAPAssignee: Dominik Hlavac Duran <dhlavacd>
Status: CLOSED ERRATA QA Contact: Kedar Bidarkar <kbidarka>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2.7CC: andrew.schofield, bbuckingham, bkearney, dlobatog, ehelms, jcallaha, kbidarka, mhulan, pdudley
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: foreman-1.14 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-21 16:54:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1479962    
Attachments:
Description Flags
usergroup roles are now visible none

Description Paul Dudley 2017-02-26 20:16:09 UTC 
Description of problem:
User group assigned to particular role(s) seem to receive their assigned permissions, but the roles to reflect those permission are not seen in the webui.

Steps to Reproduce:
1. Create an authentication source - ensure 'Automatically create accounts in Satellite' is set
2. Create a role with some permissions
3. Create a user group, assign to this the role from step 2. Assign an AD group to this too.
4. Login as a user who is a member of that AD group.
5. The account is created (the user does not have proper permissions until foreman-rake ldap:refresh_usergroups is run)
6. When viewing the user Settings -> Users, note that the Role tab does not reflect the roles which have granted this user access.

Actual results:
User is given role, but the role is not seen in the webui.

Expected results:
Expect that the roles a user has been given can be seen if they have the permission to view roles.

Additional info:
User's cannot see their own roles as well in <username> > My Account > Roles - this page is blank. But with a normal locally created user with the same permissions, this page is populated.
Comment 2 Brad Buckingham 2017-06-01 13:30:02 UTC 
Could this be a duplicate of bug 1378939?
Comment 3 Daniel Lobato Garcia 2017-06-21 08:44:43 UTC 
Connecting redmine issue http://projects.theforeman.org/issues/15232 from this bug
Comment 4 Daniel Lobato Garcia 2017-06-21 08:46:43 UTC 
Roles inherited from user groups are now visible, it's been fixed upstream. Moving to POST.
Comment 7 Satellite Program 2017-08-02 22:14:58 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/15232 has been resolved.
Comment 10 Kedar Bidarkar 2017-08-18 18:17:13 UTC 
Created attachment 1315361 [details]
usergroup roles are now visible
Comment 11 Kedar Bidarkar 2017-08-18 18:17:59 UTC 
VERIFIED with Sat6.3.0-snap11.0
Comment 12 Satellite Program 2018-02-21 16:54:17 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> 
> For information on the advisory, and where to find the updated files, follow the link below.
> 
> If the solution does not work for you, open a new bug report.
> 
> https://access.redhat.com/errata/RHSA-2018:0336