Bug 1574958

Summary: [RFE] Auto-assign role when a user is created on internal-auth or triggered by SAML logon
Product: Red Hat Enterprise Virtualization Manager Reporter: Juan Manuel Parrilla Madrid <jparrill>
Component: ovirt-engine Assignee: Nobody <nobody>
Status: CLOSED WONTFIX QA Contact: Pavel Stehlik <pstehlik>
Severity: low Docs Contact:
Priority: unspecified    
Version: 4.1.10 CC: jparrill, lsurette, mavital, michal.skrivanek, mperina, nobody, pstehlik, rbalakri, Rhev-m-bugs, srevivo, ykaul
Target Milestone: --- Keywords: FutureFeature, Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 1574951 Environment:
Last Closed: 2018-05-11 13:13:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1570040, 1574951, 1588375    
Bug Blocks:    

Description Juan Manuel Parrilla Madrid 2018-05-04 12:21:22 UTC
Description of problem:

I have been working with RHEV development people, concretely with "mmartinv", to make mod_auth_mellon work with internal-auth, and it works fine.

The issue comes when you log in with a precreated user on the database: this user does not have any role assigned, and so will not see anything.

The point of this bug is to create a default role that has very limited permissions. All the users that have been created with "ovirt-aaa-jdbc-tool" belong to this default group.

This bug is also related to:

- https://bugzilla.redhat.com/show_bug.cgi?id=1570040
- https://bugzilla.redhat.com/show_bug.cgi?id=1574951

Comment 1 Martin Perina 2018-05-11 13:13:54 UTC
This RFE doesn't make sense:

1. We don't want to assign the admin role to all new users to be able to log in to webadmin.

2. We don't want to assign the user role globally to all new users, because they would be able to see all VMs. User permissions have to be assigned per specific VM or pool.

An administrator needs to assign a role per specific object before a user can log in to either webadmin or VM portal.

Comment 2 Franta Kust 2019-05-16 13:09:30 UTC
BZ<2>Jira Resync