Bug 1602413

Summary: error 403 trying to use action refresh on a provider as non-admin user with api and refresh permissions granted
Product: Red Hat CloudForms Management Engine Reporter: Felix Dewaleyne <fdewaley>
Component: API Assignee: Julian Cheal <jcheal>
Status: CLOSED ERRATA QA Contact: Antonin Pagac <apagac>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.9.0 CC: apagac, cpelland, fdewaley, jcheal, jocarter, obarenbo, simaishi
Target Milestone: GA   
Target Release: 5.10.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: 5.10.0.15 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
5.10.1
Last Closed: 2019-02-07 23:03:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Felix Dewaleyne 2018-07-18 10:25:06 UTC
Description of problem:
error 403 trying to use action refresh on a provider as non-admin user with api and refresh permissions granted

Version-Release number of selected component (if applicable):
5.9.3

How reproducible:
all the time in customer environment

Steps to Reproduce:
1. set up a new user with a new group based on vm_user plus api access and refresh access to cloud and infrastructure providers
2. issue a refresh using the classic ui with that user 
3. issue a refresh of the same provider using the api

Actual results:
error 403

Expected results:
the action is performed

Additional info:
- using LDAP for authentication
- providers tested were amazon and azure
- same issue with vmware provider as well

Comment 4 Julian Cheal 2018-07-23 16:36:30 UTC
PR to fix this https://github.com/ManageIQ/manageiq-api/pull/428

Comment 9 errata-xmlrpc 2019-02-07 23:03:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:0212