Bug 1596639
| Summary: | Tenant admins is not able to see newly created users | |||
|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Saurabh Heda <sheda> | |
| Component: | Appliance | Assignee: | Gregg Tanzillo <gtanzill> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Antonin Pagac <apagac> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | high | |||
| Version: | 5.8.0 | CC: | abellott, cpelland, dmetzger, gtanzill, hkataria, jrafanie, lavenel, mpovolny, obarenbo, simaishi, smallamp | |
| Target Milestone: | GA | Keywords: | TestOnly, ZStream | |
| Target Release: | 5.10.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | 5.10.0.11 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1613387 1613388 (view as bug list) | Environment: | ||
| Last Closed: | 2019-02-11 14:01:47 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | CFME Core | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1572700, 1613387, 1613388 | |||
|
Description
Saurabh Heda
2018-06-29 11:11:13 UTC
Please assess the impact of this issue and update the severity accordingly. Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition. If it's something like a tracker bug where it doesn't matter, please set the severity to Low. This seems to have been broken by (master/gaprindashvili) https://github.com/ManageIQ/manageiq/pull/17061 and a backport to fine: https://github.com/ManageIQ/manageiq/pull/17292 It looks like the workaround for now is to put the tenant administrator in all groups but we should treat tenant administrators as administrators over the whole tenant. I'm guessing tenant administrators should see all users within the tenant but not outside the tenant. Currently, it can only see users in the same group (and tenant) as the tenant administrator. Gregg, can you mark this as duplicate or link this to your code change? New commits detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/4d996af2350e2513cb57870f0610abd12e799b53 commit 4d996af2350e2513cb57870f0610abd12e799b53 Author: Gregg Tanzillo <gtanzill> AuthorDate: Thu Jul 26 15:26:40 2018 -0400 Commit: Gregg Tanzillo <gtanzill> CommitDate: Thu Jul 26 15:26:40 2018 -0400 Enable identification of `tenant_admin` role based on product feature `rbac_tenant` https://bugzilla.redhat.com/show_bug.cgi?id=1596639 https://bugzilla.redhat.com/show_bug.cgi?id=1596266 app/models/miq_product_feature.rb | 2 + app/models/miq_user_role.rb | 4 + 2 files changed, 6 insertions(+) https://github.com/ManageIQ/manageiq/commit/2f61692f134cdb790d99964a163e9426c0168929 commit 2f61692f134cdb790d99964a163e9426c0168929 Author: Gregg Tanzillo <gtanzill> AuthorDate: Thu Jul 26 15:28:06 2018 -0400 Commit: Gregg Tanzillo <gtanzill> CommitDate: Thu Jul 26 15:28:06 2018 -0400 Specs for testing group visibility for tenant admins https://bugzilla.redhat.com/show_bug.cgi?id=1596639 https://bugzilla.redhat.com/show_bug.cgi?id=1596266 spec/lib/rbac/filterer_spec.rb | 41 +- spec/models/miq_user_role_spec.rb | 15 + 2 files changed, 47 insertions(+), 9 deletions(-) https://github.com/ManageIQ/manageiq/commit/89347595eda522037795fd918f76521faff84ef4 commit 89347595eda522037795fd918f76521faff84ef4 Author: Gregg Tanzillo <gtanzill> AuthorDate: Thu Jul 26 15:29:36 2018 -0400 Commit: Gregg Tanzillo <gtanzill> CommitDate: Thu Jul 26 15:29:36 2018 -0400 Allow tenant admins to see all groups within the scope of their tenant Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1596639 Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1596266 lib/rbac/filterer.rb | 7 +- 1 file changed, 4 insertions(+), 3 deletions(-) Verified with 5.10.0.15. |