Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 766001

Summary: Read Only account was able to delete system
Product: Red Hat Satellite Reporter: Eric Sammons <esammons>
Component: WebUIAssignee: Partha Aji <paji>
Status: CLOSED CURRENTRELEASE QA Contact: Katello QA List <katello-qa-list>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.0.0CC: mmccune, sghai
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
headpin
Last Closed: 2012-08-22 18:12:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 747354    
Attachments:
Description Flags
Screen shot of logged in user, w/ system having been deleted
none
Permission page showing Access Only on Org.
none
Permission page showing Access only to environments.
none
with access only permissions, no 'remove system' option is available on UI. none

Description Eric Sammons 2011-12-09 20:33:36 UTC 
Created attachment 544687 [details]
Screen shot of logged in user, w/ system having been deleted

Description of problem:
Logged in as a user with Access only permissions, was able to delete a system.
Comment 1 Eric Sammons 2011-12-09 20:34:29 UTC 
Created attachment 544689 [details]
Permission page showing Access Only on Org.
Comment 2 Eric Sammons 2011-12-09 20:35:29 UTC 
Created attachment 544691 [details]
Permission page showing Access only to environments.
Comment 3 Partha Aji 2012-01-11 23:26:40 UTC 
Hmm. Can't seem to reproduce this. Check again and fail it if it still occurs.
Comment 4 Sachin Ghai 2012-01-17 09:17:39 UTC 
Verified this with following katello build:

[root@dhcp201-176 ~]# rpm -qa | grep -ie katello-0 -ie pulp-0
katello-0.1.178-1.el6.noarch
katello-glue-pulp-0.1.178-1.el6.noarch
pulp-0.0.257-1.el6.noarch
[root@dhcp201-176 ~]# 


This defect is not reproducible.

I created a user 'test' and assign access only permissions for org and env. 

However when I tried to remove a system, no such option was available on UI. Please see the attachment in next comment.
Comment 5 Sachin Ghai 2012-01-17 09:21:09 UTC 
Created attachment 555712 [details]
with access only permissions, no 'remove system' option is available on UI.