Bug 767729

Summary: [RFE] Getting object-level rights
Product: Red Hat Enterprise Linux 7 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Martin Kosek <mkosek>
Status: CLOSED WONTFIX QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: jgalipea, mkosek
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-02-19 11:47:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Dmitri Pal 2011-12-14 18:40:10 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2187

There needs to be a way to get the object-level rights for a particular user. This is needed to customize the UI behavior for the user, for example by showing/hiding Group Add/Delete button based on group add/delete permission.

The rights can be returned in the whoami command:

{{{
# ipa user-find --whoami --all --rights
--------------
1 user matched
--------------
  dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
  objectlevelrights: {'user': u'ad','group': u'ad',...}
  ...
}}}

The testing will be done via UI.
In the UI you need to log as an admin with low privileges and see that the fields he is not allowed to modify or actions to perform are not available to him.
Comment 2 Martin Kosek 2016-02-19 11:47:16 UTC 
Thank you taking your time and submitting this request for Red Hat Enterprise Linux. The request was cloned to the upstream tracker long time ago (see link to the upstream ticket above), but it was unfortunately not given a priority neither in the upstream project, nor in Red Hat Enterprise Linux.

Given that this request is not planned for a close release, it is highly unlikely it will be fixed in this major version of Red Hat Enterprise Linux. We are therefore closing the request as WONTFIX.

To request that Red Hat reconsiders the decision, please reopen the Bugzilla with the help of Red Hat Customer Service and provide additional business and/or technical details about it's importance to you. Please note that you can still track this request or even offer help in the referred upstream Trac ticket to expedite the solution.