Bug 1477598

Summary: Some core permissions are missing from Manager and Organization admin roles
Product: Red Hat Satellite
Reporter: Marek Hulan <mhulan>
Component: Users & Roles
Assignee: Marek Hulan <mhulan>
Status: CLOSED ERRATA
QA Contact: Kedar Bidarkar <kbidarka>
Severity: high
Docs Contact:
Priority: unspecified
Version: 6.3.0
CC: bbuckingham, dhlavacd, ehelms, jcallaha, kbidarka, mhulan
Target Milestone: Unspecified
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: foreman-1.15.3
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-02-21 16:51:07 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Marek Hulan 2017-08-02 12:41:28 UTC
Description of problem:

In a clean installation, the Manager and Organization admin roles do not contain all permissions, e.g.

it contains only view_compute_profiles but not the edit/destroy/create permissions for this resource

The cause is that the hardcoded list in db/seeds.d/02-roles_list.rb is not complete.

Version-Release number of selected component (if applicable):

Satellite 6.3 snap 9 / Foreman nightly (1.16-develop)

How reproducible:

100%

Steps to Reproduce:
1. install Satellite / Foreman
2. navigate to Manager role, see filters
3. try to find edit_compute_profiles 

Actual results:

no such permission can be found

Expected results:

every permission should be included in the Manager role; Organization admin should contain a similar set, just without organization management

Additional info:

Comment 1 Marek Hulan 2017-08-02 12:42:09 UTC
Created redmine issue http://projects.theforeman.org/issues/20483 from this bug

Comment 3 Marek Hulan 2017-08-02 12:47:42 UTC
Full list of missing permissions:

["access_dashboard",
 "assign_organizations",
 "create_compute_profiles",
 "create_config_groups",
 "create_external_usergroups",
 "create_filters",
 "create_organizations",
 "create_roles",
 "destroy_compute_profiles",
 "destroy_config_groups",
 "destroy_external_usergroups",
 "destroy_filters",
 "destroy_keypairs",
 "destroy_organizations",
 "destroy_roles",
 "edit_compute_profiles",
 "edit_config_groups",
 "edit_external_usergroups",
 "edit_filters",
 "edit_organizations",
 "edit_roles",
 "lock_provisioning_templates",
 "lock_ptables"]
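
Added example, not part of the bug report and not Foreman code: a stand-alone Ruby check for the drift described above, where a hardcoded role list falls behind the full permission set. The permission subset, the seeded lists and the ORG_MANAGEMENT exclusion are constructed assumptions.

```ruby
require 'set'

# Constructed sample of the application's full permission set; names are taken
# from this report plus view_* counterparts assumed to exist alongside them.
ALL_PERMISSIONS = %w[
  view_compute_profiles create_compute_profiles edit_compute_profiles destroy_compute_profiles
  view_config_groups create_config_groups edit_config_groups destroy_config_groups
  view_organizations create_organizations edit_organizations destroy_organizations
  assign_organizations access_dashboard
].to_set.freeze

# Assumption: which permissions count as "organization management".
ORG_MANAGEMENT = %w[create_organizations destroy_organizations].to_set.freeze

# Expected grants per role, following "Expected results" in the description.
EXPECTED = {
  'Manager'            => ALL_PERMISSIONS,
  'Organization admin' => ALL_PERMISSIONS - ORG_MANAGEMENT
}.freeze

# Constructed stand-in for a hardcoded seed list that was not kept up to date.
SEEDED = {
  'Manager'            => %w[view_compute_profiles view_config_groups view_organizations],
  'Organization admin' => %w[view_compute_profiles view_config_groups create_organizations]
}.freeze

# Compare one role's seeded list with the expected set: too little and too much.
def audit_role(role, seeded = SEEDED, expected = EXPECTED)
  have = seeded.fetch(role).to_set
  want = expected.fetch(role)
  { missing: (want - have).sort, unexpected: (have - want).sort }
end

# Resources where the role holds only view_* although other actions are expected.
def view_only_resources(role, seeded = SEEDED, expected = EXPECTED)
  by_resource = ->(perms) { perms.group_by { |p| p.split('_', 2).last } }
  have = by_resource.call(seeded.fetch(role))
  by_resource.call(expected.fetch(role)).select do |res, want|
    have.fetch(res, []) == ["view_#{res}"] && want.size > 1
  end.keys.sort
end

if __FILE__ == $PROGRAM_NAME
  SEEDED.each_key do |role|
    puts "#{role}: #{audit_role(role)} view-only: #{view_only_resources(role)}"
  end
end
```

Run as a test against the real seed data, a check of this shape fails whenever a new permission is defined without a matching entry in a role list, and also flags grants that exceed the intended set.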

Comment 4 Satellite Program 2017-08-02 14:16:15 UTC
Upstream bug assigned to mhulan

Comment 6 Satellite Program 2017-08-08 10:14:52 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20483 has been resolved.

Comment 7 Kedar Bidarkar 2017-09-11 16:34:21 UTC
 "access_dashboard",    [ exists ] in miscellaneous
 "assign_organizations",      [ exists ]
 "create_compute_profiles",   [ Exists ]
 "create_config_groups",      [ exists ]
 "create_external_usergroups", [ exists ]
 "create_filters",             [ exists ]
 "create_organizations",      [ exists ]
 "create_roles",              [ exists ]
 "destroy_compute_profiles",  [ Exists ]
 "destroy_config_groups",     [ Exists ]
 "destroy_external_usergroups", [ exists ]
 "destroy_filters", [ exists ]
 "destroy_keypairs", [ exists ]
 "destroy_organizations", [ exists ]
 "destroy_roles",    [ exists ]
 "edit_compute_profiles",  [ Exists ]
 "edit_config_groups", [ Exists ]
 "edit_external_usergroups", [ exists ]
 "edit_filters", [ exists ]
 "edit_organizations", [ exists ]
 "edit_roles",  [ exists ]
 "lock_provisioning_templates", [ exists ]
 "lock_ptables" [ exists ]


VERIFIED With sat6.3.0 snap15.0

Comment 8 Satellite Program 2018-02-21 16:51:07 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336