Bug 1455011

Summary: RHV-M portal shows incorrect inherited permission for users
Product: Red Hat Enterprise Virtualization Manager Reporter: nijin ashok <nashok>
Component: ovirt-engineAssignee: Ondra Machacek <omachace>
Status: CLOSED ERRATA QA Contact: Gonza <grafuls>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.1.1CC: audgiri, grafuls, lleistne, lsurette, mgoldboi, mperina, omachace, pstehlik, rbalakri, Rhev-m-bugs, srevivo, ykaul
Target Milestone: ovirt-4.2.0Keywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of:
: 1458013 (view as bug list) Environment:
Last Closed: 2018-05-15 17:42:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1458013    
Attachments:
Description Flags
directory_group_user_a
none
directory_group_user_b
none
user_b incorrect permission none

Description nijin ashok 2017-05-24 02:54:47 UTC 
Description of problem:

In some scenarios, RHV-M displays incorrect permission for the users. This only happens with normal user and not with admin@internal user.  Please see "Steps to Reproduce" for more info.


Version-Release number of selected component (if applicable):

rhevm-4.1.1.8-0.1.el7.noarch

How reproducible:

100%

Steps to Reproduce:

1. Create two groups group_a and group_b and add a user_a to group_a and user_b to group_b. 

ovirt-aaa-jdbc-tool group-manage show group_a
Group: group_a(f497038d-98a3-44c8-a9c3-88ecb3654d66) members:
  User: user_a

ovirt-aaa-jdbc-tool group-manage show group_b
Group: group_b(29ceab89-df25-47bc-a4aa-f44f5b6d9271) members:
  User: user_b

2. Assign group_a as superuser on system object.
  
3. Login to admin portal with user_a.

4. Check the permission of user_b . Admin portal will show user_b has superuser role which is inherited from group_a although user_b is not a member of group_a.

5. This is only a "display" issue and user_b don't really have this permission and login to admin portal will fail for this user.


Actual results:

Permission is not shown correctly

Expected results:

Permission should show correctly

Additional info:

Attaching screenshots from my test environment. The customer who reported this issue is using AD .
Comment 1 nijin ashok 2017-05-24 02:55:33 UTC 
Created attachment 1281820 [details]
directory_group_user_a
Comment 2 nijin ashok 2017-05-24 02:56:46 UTC 
Created attachment 1281821 [details]
directory_group_user_b
Comment 3 nijin ashok 2017-05-24 02:57:49 UTC 
Created attachment 1281822 [details]
user_b incorrect permission
Comment 4 Martin Perina 2017-05-24 06:35:01 UTC 
Ondro, could you please take a look?
Comment 5 Ondra Machacek 2017-05-24 07:05:24 UTC 
It always shows the group, which is the current logged in user part of. This is UI issue.
Comment 7 rhev-integ 2017-06-01 16:13:12 UTC 
WARN: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason:

[Found clone flags: ['rhevm-4.1.z', 'rhevm-4.2-ga'], ]

For more info please contact: rhv-devops: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason:

[Found clone flags: ['rhevm-4.1.z', 'rhevm-4.2-ga'], ]

For more info please contact: rhv-devops
Comment 10 Gonza 2017-11-22 07:15:17 UTC 
Verified with:
ovirt-engine-4.2.0-0.0.master.20171010095230.git721740e.el7.centos.noarch
Comment 13 errata-xmlrpc 2018-05-15 17:42:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:1488
Comment 14 Franta Kust 2019-05-16 13:09:05 UTC 
BZ<2>Jira Resync