Bug 1442972

Summary: Tag Visibility | Access Control: All users, groups, and tenants are visible for restricted user
Product: Red Hat CloudForms Management Engine
Reporter: Ruslana Babyuk <rbabyuk>
Component: Appliance
Assignee: Libor Pichler <lpichler>
Status: CLOSED CURRENTRELEASE
QA Contact: Ruslana Babyuk <rbabyuk>
Severity: high
Docs Contact:
Priority: high
Version: 5.8.0
CC: abellott, cpelland, dajohnso, gtanzill, jhardy, jrafanie, obarenbo, simaishi
Target Milestone: GA
Keywords: TestOnly
Target Release: 5.9.0
Hardware: Unspecified
OS: Unspecified
Whiteboard: ui:tag
Fixed In Version: 5.9.0.1
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1447372 1460979
Environment:
Last Closed: 2018-03-06 15:16:40 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1447372, 1460979

Description Ruslana Babyuk 2017-04-18 08:29:09 UTC
Description of problem:
Restricted user can see all groups, users, and tenants 

Version-Release number of selected component (if applicable):
5.8.0.10, also 5.7.2.1

How reproducible:
100%

Steps to Reproduce:
1. Add role and group with tag
2. Add user and assign group to user
3. Log in as restricted user
4. Navigate to Configuration->Access Control
5. Check group list

Actual results:
All groups are available for restricted user

Expected results:
Group list should be empty for restricted user

Additional info:

Comment 2 Gregg Tanzillo 2017-05-02 13:50:50 UTC
The following PRs address supporting RBAC tag filtering for users and groups -
https://github.com/ManageIQ/manageiq/pull/14901
https://github.com/ManageIQ/manageiq/pull/14903

For tenants, it's clear whether filtering by managed tag is necessary or required. The original implementation of tenancy supports restricting a user's view of other tenants by the hierarchy of the parent-child relationships between tenants. Currently, a user in a particular tenant is only able to see his own tenant and all child tenants of that tenant. There was never a requirement to support additional filtering by tag. I think adding this additional tag filtering functionality adds a lot of complexity for a relatively small amount of benefit.

I will move this BZ to POST after the above PRs are merged. I'd like for John Hardy to weigh in on the necessity of the additional tag filtering for tenants. We already have a WIP PR for that.
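
A regression check for the two visibility rules discussed in this report, as an added example that is not ManageIQ code. The struct and method names (`visible_groups`, `visible_tenants`, `leaked_groups`) and the sample tenants, groups and tags are constructed, and the managed-tag filter is assumed to be set on the user's group.

```ruby
# Added illustration: hypothetical model, not ManageIQ's classes or API.
require "set"

Tenant = Struct.new(:name, :parent) do
  # Tenancy rule from comment 2: a tenant sees itself and all child tenants.
  def subtree(all)
    kids = all.select { |t| t.parent.equal?(self) }
    [self] + kids.flat_map { |k| k.subtree(all) }
  end
end

# tags: managed tags on the group record; filter: tags its members are limited to.
Group = Struct.new(:name, :tenant, :tags, :filter)
User  = Struct.new(:name, :group)

def visible_tenants(user, tenants)
  user.group.tenant.subtree(tenants)
end

# Tag-filtered listing: an empty filter means the user is unrestricted.
def visible_groups(user, groups)
  filter = user.group.filter
  return groups if filter.empty?
  groups.select { |g| g.tags.intersect?(filter) }
end

# What an unscoped listing (the reported behaviour) would expose beyond the filter.
def leaked_groups(user, groups)
  (groups - visible_groups(user, groups)).map(&:name)
end

# Constructed sample data.
ROOT    = Tenant.new("root", nil)
EU      = Tenant.new("eu", ROOT)
EU_DEV  = Tenant.new("eu-dev", EU)
US      = Tenant.new("us", ROOT)
TENANTS = [ROOT, EU, EU_DEV, US].freeze

ADMINS     = Group.new("admins", ROOT, Set[], Set[])
OPS        = Group.new("ops", US, Set["dept/ops"], Set[])
RESTRICTED = Group.new("restricted", EU, Set[], Set["dept/finance"])
GROUPS     = [ADMINS, OPS, RESTRICTED].freeze
ALICE      = User.new("alice", RESTRICTED)

puts "groups visible to alice: #{visible_groups(ALICE, GROUPS).map(&:name)}"
puts "exposed by an unscoped list: #{leaked_groups(ALICE, GROUPS)}"
puts "tenants visible to alice: #{visible_tenants(ALICE, TENANTS).map(&:name)}"
```
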
