Bug 1920539
Summary: | Error screen displayed after user login in admin portal. | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Ulhas Surse <usurse> |
Component: | ovirt-engine | Assignee: | rszwajko |
Status: | CLOSED ERRATA | QA Contact: | Ivana Saranova <isaranov> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.4.3 | CC: | emarcus, isaranov, lsurette, mavital, michal.skrivanek, mkalinin, rszwajko, sgratch |
Target Milestone: | ovirt-4.4.5-1 | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | rhv-4.4.5-10 | Doc Type: | Bug Fix |
Doc Text: |
Previously, saving user preferences in the Red Hat Virtualization Manager required the MANIPULATE_USERS permission level. As a result, user preferences were not saved on the server.
In this release, the required permission level for saving user preferences was changed to EDIT_PROFILE, which is the permission level assigned by default to all users. As a result, saving user preferences works as expected.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-04-14 11:43:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | UX | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ulhas Surse
2021-01-26 14:19:06 UTC
Possibly caused by user options changes from bug 1752751 We shouldn’t assume a user has a System level permission, even though it’s not that common not to add SuperUser just there. SuperUser is meant to be just that, a System level all-access account. OK so SuperUser can access all components agree. https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/sect-system_permissions#Administrator_Roles_Explained How about DataCenterAdmin role: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.3/html/administration_guide/sect-system_permissions#Data_center_permissions_entities "For example, a DataCenterAdmin role has administrator privileges only for the assigned data center with the exception of the storage for that data center" But I can still see the other DataCetners with user assigned to one DC with this role. Am I missing any configuration or roles are not working as expected? None of the roles define visibility. There's only the distinction between user and admin role type. Once you're any kind of admin you can see (as in REST API or webadmin) everything. It is not related to this bug (In reply to Michal Skrivanek from comment #8) > None of the roles define visibility. There's only the distinction between > user and admin role type. Once you're any kind of admin you can see (as in > REST API or webadmin) everything. > It is not related to this bug Thanks for clarifying, Michal. So this is by design. MANIPULATE_USERS permission will be no longer required for storing user options after [1] is merged. This should remove the root cause of this problem. [1] https://gerrit.ovirt.org/113128 Aligning with BZ1171924 that is already in progress, should be in 4.4.6, Radek please keep the bug updated The fix has been backported to 4.4.5.z branch with patch https://gerrit.ovirt.org/c/113859/ Steps: 1. Configure a user to login with SuperUser role on a DC. 2. Login with the user Results: No error during the login. User is logged in correctly. Verified in: ovirt-engine-4.4.5.11-0.1.el8ev.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] 0-day security, bug fix, enhance), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:1186 Due to QE capacity, we are not going to cover this issue in our automation |