Bug 1763893
| Summary: | [RFE] Implement impersonate feature for easier debugging | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Bryan Kearney <bkearney> | ||||
| Component: | Users & Roles | Assignee: | Ondřej Pražák <oprazak> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Roman Plevka <rplevka> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.4 | CC: | dsinglet, inecas, mawerner, mhulan, oprazak, pcreech, pstehlik, rplevka, sokeeffe, sshtein, vgrosu | ||||
| Target Milestone: | 6.7.0 | Keywords: | FutureFeature | ||||
| Target Release: | Unused | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Known Issue | |||||
| Doc Text: |
During an impersonation session, a user with administrator privileges for Satellite can impersonate another user with administrator privileges and can perform all actions that an administrator performs including creating and deleting other users with administrative privileges.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2020-04-14 13:26:02 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Bryan Kearney
2019-10-21 20:27:44 UTC
Created from redmine issue https://projects.theforeman.org/issues/26003 Upstream bug assigned to oprazak Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/26003 has been resolved. I had 2 admin users. as admin I impersonated admin2. Then, as admin2 i was able to delete admin. I don't think we want to allow this - do we? please, provide a proper documentation of the feature, what are the expected outcomes with scenarios similar to the one described in Comment #8? Created attachment 1655719 [details]
impersonate and delete self
(In reply to Roman Plevka from comment #9) > please, provide a proper documentation of the feature, Hi Roman, The product documentation changes are tracked in BZ#1778825, where I created a new procedure 'Impersonating a Different User Account' in the Administering Red Hat Satellite guide (for Satellite 6.7). The procedure is based on the scenario described in the Aha card: "As an admin user I can impersonate another user". It is stated in the procedure that "Administrators can impersonate other authenticated users for testing and troubleshooting purposes". The situation you are describing in Comment #8 is indeed worrying, while the feature behaviour extends beyond 'testing and troubleshooting purposes'. I agree with your assessment, this is not a scenario that we want to allow. However, I also believe that a programmatic solution to prevent this behaviour from occurring must be implemented. What do you think? > what are the expected > outcomes with scenarios similar to the one described in Comment #8? I will speak with our Content Strategists and Docs Program Manager to define the correct expectation for Comment #8 from a documentation point of view. I will update the ticket once I have more information. Thank you. Kind regards, Vlada Connecting redmine issue https://projects.theforeman.org/issues/28867 from this bug I agree we probably do not want to allow scenario described in comment #8. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1454 |