Bug 1510079

Summary: [RFE] Tasks are visible to everybody, regardless of organization access rights
Product: Red Hat Satellite
Reporter: Prajeesh <pmadathi>
Component: Tasks Plugin
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED WONTFIX
QA Contact: Jan Hutař <jhutar>
Severity: medium
Docs Contact:
Priority: medium
Version: 6.2.0
CC: aruzicka, dhlavacd, inecas, jentrena, mhulan, mverma, pdwyer, rhbgs.10.bigi_gigi, saydas
Target Milestone: Unspecified
Keywords: FutureFeature
Target Release: Unused
Hardware: All
OS: Linux
Last Closed: 2019-07-02 17:53:20 UTC
Type: Bug

Description Prajeesh 2017-11-06 16:32:11 UTC
Tasks are visible to everybody, regardless of organization access rights.

Users with permissions view_foreman_tasks and edit_foreman_tasks, granted to inspect task results and error messages, are able to cancel ANY cancelable task. This is far from the advertised multi-tenancy.

Visibility should be limited to own tasks, or at least to tasks from the own organization. To see all tasks, and kill tasks submitted by others, a special administrative filter should be available.

Comment 1 Marek Hulan 2017-11-07 06:50:24 UTC
This is not easy to do, since tasks are not scoped per organization. I believe the filter can be fine-grained by task attributes including owner, but you'd need to create a separate filter for each user, since we can't define a condition such as "owner = $current_user".

Personally I consider the tasks page a maintenance tool and would not expect non-admin users to interact with it. If users need cancelling, it should be provided by the page that generates the task, e.g. rex jobs have their cancel button.

Moving to tasks component to consider.

Comment 3 Bengt Giger 2017-11-13 15:21:44 UTC
This depends on the definition of "non admin", or "admin". Multi-tenant environments do not simply have administrators, they have administrators responsible for the system, and administrators local to the tenant (organization). Delegation of responsibilities to the organizational level is vital, as is separation.

There are worse separation issues than this, with severe security consequences. But regarding the advertised features, everything breaking the borders of tenants is more than just a feature nice to have.

Comment 4 Marek Hulan 2017-11-15 12:08:28 UTC
I understand your point and you're right. By admin I meant system administrator of Satellite. In the ideal case, the organization admin should have no need to visit the tasks page. Or we should start scoping tasks by the context (organization/location) in which they have been created. Similarly to audits, where we have the same problem I believe.
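
The three access rules discussed in the description, Comment 1 and Comment 4, modelled side by side. This is an added illustration, not part of the bug thread and not Foreman or Satellite code: `Task`, `User`, `Filter`, the helper methods and the `org` attribute on a task are all hypothetical, and the sample data is constructed.

```ruby
# Model only: Task, User and Filter are hypothetical stand-ins, not Foreman classes.
Task   = Struct.new(:id, :owner, :org)        # :org is assumed; the thread says tasks are not org-scoped
User   = Struct.new(:login, :org)
Filter = Struct.new(:permission, :condition)  # condition nil = unrestricted filter

CANCEL = 'edit_foreman_tasks'

# Reported behaviour: the permission is granted with no condition at all.
def unrestricted_filter
  Filter.new(CANCEL, nil)
end

# Comment 1 workaround: the condition is pinned to one login, so one filter per user.
def owner_filter(login)
  Filter.new(CANCEL, ->(task) { task.owner == login })
end

# Comment 4 proposal: scope by the organization in which the task was created.
def org_filter(org)
  Filter.new(CANCEL, ->(task) { task.org == org })
end

def can_cancel?(filters, task)
  filters.any? do |f|
    f.permission == CANCEL && (f.condition.nil? || f.condition.call(task))
  end
end

def cancelable_ids(filters, tasks)
  tasks.select { |t| can_cancel?(filters, t) }.map(&:id)
end

# Tasks outside the user's organization that the user can still cancel.
def cross_tenant_ids(user, filters, tasks)
  tasks.select { |t| t.org != user.org && can_cancel?(filters, t) }.map(&:id)
end

# Constructed sample data.
TASKS = [Task.new(1, 'alice', 'OrgA'), Task.new(2, 'bob', 'OrgA'),
         Task.new(3, 'carol', 'OrgB')].freeze
ALICE = User.new('alice', 'OrgA')

{ 'unrestricted' => unrestricted_filter,
  'owner = alice' => owner_filter('alice'),
  'org = OrgA' => org_filter('OrgA') }.each do |name, f|
  puts "#{name}: cancelable=#{cancelable_ids([f], TASKS)} " \
       "cross-tenant=#{cross_tenant_ids(ALICE, [f], TASKS)}"
end
```

A non-empty cross-tenant list for a role is the condition the report describes; the same check can be run over an exported role and task inventory when reviewing delegated roles.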

Comment 5 Marek Hulan 2017-11-15 15:10:53 UTC
*** Bug 1322566 has been marked as a duplicate of this bug. ***

Comment 17 Bryan Kearney 2019-07-02 17:53:20 UTC
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Red Hat Technical Support. Thank you.