Bug 1919146
Summary: | [RFE] Possibility for further tailoring with Compliance Viewer role | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | ubasak <ubasak> |
Component: | SCAP Plugin | Assignee: | Marek Hulan <mhulan> |
Status: | CLOSED ERRATA | QA Contact: | addubey |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.7.0 | CC: | addubey, dsinglet, ktordeur, mhulan, momran, oezr, pcreech, satellite6-bugs |
Target Milestone: | 6.11.0 | Keywords: | EasyFix, FutureFeature, Triaged |
Target Release: | Unused | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-07-05 14:28:38 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
ubasak@redhat.com
2021-01-22 09:01:41 UTC
These are two independent resources. E.g. some user may not be allowed to view any host but they should still see all compliance reports. If you want to achieve what you describe, we first need to add a host search support for ArfReport resource. Then the compliance viewer role can be further tailored, so a filter like "host.owner = $current_user" could be specified. I'm changing this to RFE, since the behavior is consitent with other pages and I'd say works as it should. I don't think this should be a private bug since it's not a security issue, please publish if you agree. Created redmine issue https://projects.theforeman.org/issues/33025 from this bug Upstream bug assigned to mhulan Upstream bug assigned to mhulan Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/33025 has been resolved. A fix is upstream and proposed for inclusion in Satellite 7.0. Verified. Tested on: Satellite-7.0.0 Snap 7.0 Steps followed: 1. Create user 2. Assign Compliance viewer + View Hosts role to that user 3. Login from that user to cross-check Observation: Each user-ID with the "Compliance Viewer" role can only view the reports of "its content hosts" (or those of its group). Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5498 |