Bug 2214274
| Summary: | Non-admin user with view-hosts permission has the capability to click on add parameter button | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | addubey |
| Component: | Hosts | Assignee: | Maria <magaphon> |
| Status: | CLOSED ERRATA | QA Contact: | Peter Ondrejka <pondrejk> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.14.0 | CC: | aruzicka, magaphon, mhulan, oezr, rlavi |
| Target Milestone: | 6.14.0 | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | foreman-3.7.0.2-1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-11-08 14:19:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/36549 has been resolved. Verified on Sat 6.14 sn7, user with view-host permission can no longer add and remove parameter Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Satellite 6.14 security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:6818 |
Created attachment 1970424 [details] page_view Description of problem: Non-admin user with view-hosts permission has the capability to click on add parameter button, though it doesn't save then too we have the option to delete it and then it pop's up with access denied. Version-Release number of selected component (if applicable): 6.14.0 snap - 3 How reproducible: Always Steps to Reproduce: 1. Create a nonadmin user with view-hosts permission 2. Traverse to the parameter tab by clicking on the host on the All Host page 3. Try to add a param it allows but it doesn't save that, but allows to delete without saving Actual results: Add parameter button is enabled Expected results: It shouldn't be functioning for a user with only view-hosts permission Additional info: