Bug 1551141
Summary: | ipa hbacrule-mod cannot change servicecategory once for all, while in web UI it can. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Seldon Sun <seldonsun> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED NOTABUG | QA Contact: | ipa-qe <ipa-qe> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.4 | CC: | frenaud, pasik, pvoborni, rcritten, tscherf |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-10-17 07:57:32 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Seldon Sun
2018-03-02 21:09:39 UTC
Upstream ticket: https://pagure.io/freeipa/issue/7428 Hi, the behavior described in this BZ is not an issue but rather a design choice: - when an admin uses the GUI to change servicecategory='all' for an HBAC rule, he can see *before modification* if the rule already contains services because they would be displayed in the "Services" table. This means he is fully aware of the current HBAC rule definition, and that selecting 'Any service' will erase the list of services. - when the CLI is used, the admin may not realize that servicecategory='all' would erase a potentially long list of services. The decision was made to protect from unintentional deletion by adding the check and the error "ERROR: service category cannot be set to 'all' while there are allowed services". Hence this BZ will be closed as NOTABUG. |