Bug 741669

Summary: Doesn't seem to be a permission that would allow users to modify own info (password, etc.)
Product: Red Hat Satellite Reporter: Corey Welton <cwelton>
Component: WebUIAssignee: Justin Sherrill <jsherril>
Status: CLOSED CURRENTRELEASE QA Contact: Katello QA List <katello-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.0.1CC: mmccune
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-22 17:59:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 747354    

Description Corey Welton 2011-09-27 14:36:55 UTC 
Description of problem:
I'm not sure there's a permission combination possible that would allow users to change their password.  Note that this isn't a bug re: the fact that there is no UI presently to do such a thing - this is more about the idea that there seems to be no way to configure such a right.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. As admin, Create a user, "nonadmin" with no rights
2. As admin, click the link at the top-right corner to go to what is presumably the placeholder for user info (and probably where a user will be able to change his info) 
3. Login as nonadmin; attempt to visit the user info page - note permission denied.
4. Log back in as admin.  Create a new role, "user_role" and create a global permission called Update Users, which has a permission:verb of User:Update Users
5. Log back in as nonadmin and attempt to navigate to user info page.

Actual results:

This exercise appears to demonstrate that any present/future attempts to grant rights that would allow a user to change his own password (or at very least, view his own user info) are inextricably tied to the a role that grants Update rights across a global (or org-centric) basis - though presumably view user info would be available under Access Users.

Expected results:

There should be a role/permission that allows/will allow users to access their own user info without granting them such access on a larger scale.

Additional info:
Comment 1 Justin Sherrill 2011-10-04 17:57:01 UTC 
added ability for users to edit their own info by clicking on their user name in the upper right hand corner.

030f9e69b377bf3e818237d46256e79fd028c970
Comment 2 Corey Welton 2011-10-06 18:24:37 UTC 
As noted in the initial paragraph above, this bug has little to do with the fact that a user could not modify his or her own personal information - although now having this page makes it more readily apparently.

That said -- creating a user with no roles/permissions cannot access that page. Such a user, when clicking the login name, gets a permission denied.

OTOH, you can grant Update Users perm to this user - but then this user would be have rights to edit users globally or across an organization.

/That/ is the point of this bug. Any ability for a user to edit his or her own information is inextricably tied to a larger role which thus allows update all users, either globally or on an org-by-org basis.
Comment 3 Justin Sherrill 2011-10-06 18:36:02 UTC 
sorry, there was a (mistaken) requirement that to visit that page you needed to be in at least one org.  Fixed:

3ca2afb11c35dff870946754417336ea0860246b
Comment 4 Corey Welton 2011-10-25 04:07:33 UTC 
QA Verified.
Comment 7 Mike McCune 2013-08-16 18:05:46 UTC 
getting rid of 6.0.0 version since that doesn't exist