Bug 1465642
Summary: | Non-admin users unable to see Catalog Items in SUI | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Ryan Spagnola <rspagnol> | ||||
Component: | Appliance | Assignee: | Yuri Rudman <yrudman> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Landon LaSmith <llasmith> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 5.8.0 | CC: | abellott, brant.evans, cpelland, dclarizi, jhardy, llasmith, obarenbo, rspagnol | ||||
Target Milestone: | GA | Keywords: | TestOnly, ZStream | ||||
Target Release: | 5.9.0 | Flags: | llasmith:
needinfo+
|
||||
Hardware: | All | ||||||
OS: | All | ||||||
Whiteboard: | ssui:catalog:rbac | ||||||
Fixed In Version: | 5.9.0.1 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 1468295 (view as bug list) | Environment: | |||||
Last Closed: | 2017-10-31 19:47:35 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | Bug | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | CFME Core | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1468295 | ||||||
Attachments: |
|
Description
Ryan Spagnola
2017-06-27 20:23:43 UTC
So we've run into this a few times and its usually a role product feature issue. Please confirm the current role of the user has the appropriate product features to see the service catalog. (that you can't see the menu item is indicates this is likely not a bug, rather a misconfiguration) Guessing no ip or ss are an option? Allen, This happens when using the EvmRole-user_self_service role for the group. So if it is a problem with the role then it is a bug in the product as the role that ships does not work. This is happening on a customers system so no IP, but I can work with the customer to get a screen-share going if you would like. Created attachment 1292658 [details]
Looks like by default role you mention does not include view catalog
Can you confirm or deny if the user role has the `catalog_items_view` product feature?
Hey ChrisK who do we talk to about changing the product features of the sui role? It needs to have the following product feature enabled (if the desired goal is to allow sui users to see catalogs) :name: View Catalog Items :description: View Catalog Items :feature_type: view :identifier: catalog_items_view There is a Services -> Catalogs Explorer -> Catalog Items -> View Catalog Items product feature that I see and it is not selected. I copied the EvmRole-user_self_service to a new role and enabled the feature. I am now able to see the Service Catalog in the SUI as a non-admin user. Only the catalog items that are supposed to be shown (based on tagging) are shown to the user. Is this a new feature in 4.5? or a change in behavior for how the feature is used between 4.2 and 4.5? Either way this feature should be enabled by default for the EvmRole-user_self_service (and maybe others). Looks like we need to change product features of the sui role. It needs to have the following product feature enabled :name: View Catalog Items :description: View Catalog Items :feature_type: view :identifier: catalog_items_view (not 100% sure the "Appliance" category is the right one, so apologies if it isn't) New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/ad6c4cb141257ca7eba82f43d3269bea4aa1a6ef commit ad6c4cb141257ca7eba82f43d3269bea4aa1a6ef Author: Yuri Rudman <yrudman> AuthorDate: Fri Jun 30 10:12:15 2017 -0400 Commit: Yuri Rudman <yrudman> CommitDate: Fri Jun 30 10:12:15 2017 -0400 added 'catalog_items_view' product feature to ssui roles https://bugzilla.redhat.com/show_bug.cgi?id=1465642 db/fixtures/miq_user_roles.yml | 2 ++ 1 file changed, 2 insertions(+) Kicking this back b/c the default EvmRole-user_self_service (and EvmRole-user_limited_self_service) role doesn't allow the non-admin user to view the Service Catalog (or login) via the Self Service UI. The role needs to enable Service UI -> Service Catalog -> View as a default permission Version: 5.9.0.4.20171024163837_ef71ea6 Landon, This change was already released in 5.8.1.2 - https://bugzilla.redhat.com/show_bug.cgi?id=1468295. Could you verify this one and create create another BZ against version 5.8.1.1 with description of changes you are proposing ? It would help to keep track of the issue. Thanks! Yuri, 5.9 now has separate permissions to grant access to items in the SSUI under "Service UI". :name: Show :description: Show Service Catalog :feature_type: view :identifier: sui_svc_catalog_view This issue isn't present in CFME 5.8.2.3. because there are no separate features required to enable SSUI access. *** This bug has been marked as a duplicate of bug 1507029 *** |