Bug 1553392

Summary: EvmRole-auditor can perform actions on VM
Product: Red Hat CloudForms Management Engine Reporter: Satoe Imaishi <simaishi>
Component: UI - OPSAssignee: Martin Povolny <mpovolny>
Status: CLOSED ERRATA QA Contact: Landon LaSmith <llasmith>
Severity: high Docs Contact:
Priority: high    
Version: 5.8.0CC: abellott, cpelland, george.field, gtanzill, hkataria, jhardy, lavenel, llasmith, mpovolny, obarenbo, simaishi
Target Milestone: GAKeywords: ZStream
Target Release: 5.9.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 5.9.2.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1479583 Environment:
Last Closed: 2018-05-07 20:45:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core Target Upstream Version:
Embargoed:
Bug Depends On: 1479583    
Bug Blocks:    

Comment 2 CFME Bot 2018-03-08 19:46:06 UTC 
New commit detected on ManageIQ/manageiq/gaprindashvili:

https://github.com/ManageIQ/manageiq/commit/555435b44d629d182c554f3303ede83bad525fac
commit 555435b44d629d182c554f3303ede83bad525fac
Author:     Harpreet Kataria <hkataria>
AuthorDate: Fri Jan 26 09:17:45 2018 -0500
Commit:     Harpreet Kataria <hkataria>
CommitDate: Fri Jan 26 09:17:45 2018 -0500

    Merge pull request #16394 from martinpovolny/role_fix

    Fix the pre-defined Auditor role's permissions.
    (cherry picked from commit fcc654f3a77d9e843b200d38ff07922333c540c2)

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1553392

 db/fixtures/miq_user_roles.yml | 36 +-
 1 file changed, 22 insertions(+), 14 deletions(-)
Comment 3 Landon LaSmith 2018-04-02 16:59:39 UTC 
Verified in 5.9.2. A user with EVMRole-auditor permissions no longer has access to VM power controls
Comment 6 errata-xmlrpc 2018-05-07 20:45:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1328