| Summary: | Non admin user is able to stop instances launched by admin | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] CloudForms Cloud Engine | Reporter: | Shveta <ssachdev> | ||||
| Component: | aeolus-conductor | Assignee: | Scott Seago <sseago> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | wes hayutin <whayutin> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 1.0.0 | CC: | akarol, deltacloud-maint, hbrock, ssachdev | ||||
| Target Milestone: | beta4 | Keywords: | Triaged | ||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-03-07 18:38:44 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
Also see 788148 "(Global) Zone Administrator" says "user has full rights to zones, instances, deployments, and application blueprints. Thus this is the desired behavior. Once you start adding the global admin permissions, you can no longer say that this is a "non-admin" user, since you've given the user admin rights to zones, instances, etc. Note that your 'zone administrator' will still have no rights to mess with providers, etc. as that's a different class of administration rights. I think this should be closed as NOTABUG. Agree with Scott, this is desired behavior. Closing as NOTABUG. |
Created attachment 562171 [details] roles Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Created a user shveta 2. Roles granted to shveta are "Zone administrator" , "Profile admin" , and "application blueprint administrator" 3. Login as shveta pretty view and stop instances launched by admin and delete deployments created by admin. Sucessful Actual results: Expected results: Additional info: rpm -qa|grep aeolus aeolus-conductor-doc-0.8.0-27.el6.noarch aeolus-conductor-daemons-0.8.0-27.el6.noarch aeolus-configure-2.5.0-13.el6.noarch rubygem-aeolus-cli-0.3.0-8.el6.noarch aeolus-all-0.8.0-27.el6.noarch aeolus-conductor-0.8.0-27.el6.noarch rubygem-aeolus-image-0.3.0-7.el6.noarch