Bug 1461212

Summary: [RFE][M-5] RBAC for API user access
Product: Red Hat CloudForms Management Engine Reporter: Saif Ali <saali>
Component: APIAssignee: Joe Vlcek <jvlcek>
Status: CLOSED WONTFIX QA Contact: Antonin Pagac <apagac>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.7.0CC: bascar, cpelland, gblomqui, greartes, gtanzill, jhardy, jocarter, jvlcek, mfeifer, obarenbo, rspagnol, saali, smallamp
Target Milestone: GAKeywords: FutureFeature, RFE
Target Release: 5.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-18 13:26:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: Feature
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1581467    

Description Saif Ali 2017-06-13 22:39:19 UTC 
Description of problem:
Currently when the user connect thru rest API the user can view any thing under /api/* can the user be just limit to items has access to it. 

Version-Release number of selected component (if applicable):
4.2

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Gregg Tanzillo 2017-06-15 14:24:59 UTC 
Saif, can you add some more details? Are you saying that the user is able to see all the actions available under /api/* or are they able to see managed objects that their RBAC should not allow?
Comment 9 Josh Carter 2018-09-18 13:26:23 UTC 
Dear customer, 

The CloudForms team is reviewing the current CloudForms RFE(Request for Enhancement) backlog in order to improve our responsiveness to customers. We are closing any requests for versions no longer within full support(link below to the lifecycle) or that do not have a clear spot on the product roadmap. We are committing to better management of the backlog as we move forward. If you have an RFE that you still have a strong business case for, please open a new BZ against the currently supported version 4.6.

Lifecycle page: https://access.redhat.com/support/policy/updates/cloudforms

If you have any concerns about this, please let us know.

Thanks and regards!”
Comment 10 Josh Carter 2018-09-27 18:51:28 UTC 
*** Bug 1468344 has been marked as a duplicate of this bug. ***