Bug 534817 (RHQ-1577)

Summary: protect operations views behind authorization
Product: [Other] RHQ Project Reporter: Joseph Marques <jmarques>
Component: OperationsAssignee: Joseph Marques <jmarques>
Status: CLOSED NEXTRELEASE QA Contact: Heiko W. Rupp <hrupp>
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Improvement
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
URL: http://jira.rhq-project.org/browse/RHQ-1577
Whiteboard:
Fixed In Version: 1.2 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joseph Marques 2009-02-16 04:18:00 UTC 
unless users have the CONTROL permission, prevent them from doing the following:
* scheduling operations
* "execute now" against some operation schedule
* unscheduling operations
* deleting operation history
Comment 1 Joseph Marques 2009-02-16 04:18:59 UTC 
this should be prevented for resources and resource groups
Comment 2 Joseph Marques 2009-02-16 04:40:09 UTC 
rev3074 - only render buttons for resource/group operations if user has appropriate permissions;
Comment 3 Heiko W. Rupp 2009-03-17 15:43:28 UTC 
This works when the user has no control permission *and no* manage-inventory permission.

rev QA-7408 

Why do we still show the OP-icon and tab in that case?
Comment 4 Red Hat Bugzilla 2009-11-10 20:35:58 UTC 
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-1577