Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Users with super user role cannot view other users|
|Product:||[Other] RHQ Project||Reporter:||John Sanda <jsanda>|
|Component:||Core Server||Assignee:||RHQ Project Maintainer <rhq-maint>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Mike Foley <mfoley>|
|Version:||4.3||CC:||ccrouch, hrupp, jkandasa|
|Target Release:||RHQ 4.3.0|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2013-08-31 06:15:45 EDT||Type:||---|
|Bug Blocks:||782579, 786159|
Description John Sanda 2012-02-22 16:35:01 EST
Description of problem:
As a user in the super user role, e.g., rhqadmin, I cannot view other users in the users view. I came across this in master.

Version-Release number of selected component (if applicable):

How reproducible:
always

Steps to Reproduce:
1. Log in as rhqadmin (or another user in the super user role).
2. Create a new user, and do not assign the user to the super user role.
3. After the user is created you are sent to the users view, but you will not see the user even if you click the refresh button in the footer.

Actual results:

Expected results:

Additional info:
I assigned the new user to a new role, and when I (as rhqadmin) go to view that role and click on the users tab, I do see the user listed. I can log in as the new user as well. The new user can then see the list of users as expected. This problem appears to be specific to users in the super user role.
Comment 1 John Sanda 2012-02-22 21:44:41 EST
It appears that this may be related to bug 786159. CCing Ian Springer so he can take a look at this.
Comment 2 Ian Springer 2012-02-23 17:48:32 EST
Fixed in master:
http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=ffad3bb

We now make sure superusers, or users w/ MANAGE_SECURITY, can view other users, even if they don't have VIEW_USERS.
Comment 3 Ian Springer 2012-02-27 12:44:44 EST
QA Steps
========
1) Verify that rhqadmin can view all other users.
2) Verify that another user added to the Superuser role can view all users.
3) Create a role that has MANAGE_SECURITY, but does *not* have VIEW_USERS. Add a user to that role. Verify that user can view all other users.
4) Create a role that has VIEW_USERS, but does *not* have MANAGE_SECURITY. Add a user to that role. Verify that user can view all other users.
5) Create a role with no permissions. Add a user to that role. Verify that user can *not* view any other users.
6) Create a user with no roles. Verify that user can *not* view any other users.
Comment 4 Jeeva Kandasamy 2012-04-25 08:34:14 EDT
Verified on the Build:
Version: 4.4.0-SNAPSHOT
Build Number: 5ffafd2
GWT Version: 2.4.0
SmartGWT Version: 3.0
OS: RHEL 6.1 X86_64
Browser: Firefox ESR 10.0.3

Followed the steps on Comment 3. Unable to execute the step #3, because "View Users permission cannot be deselected, unless the Manage Security permission, which implies all other permissions, is deselected first."
Comment 5 Heiko W. Rupp 2013-08-31 06:15:45 EDT
Bulk close of old bugs in VERIFIED state.
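
The check described in Comment 2, run against the QA matrix from Comment 3 and the role-editor rule quoted in Comment 4, as an added example that is not RHQ code and not taken from the linked commit. The `Role` class, the function names and the pre-fix check are assumptions made for illustration; only the permission names MANAGE_SECURITY and VIEW_USERS come from the thread.

```python
from enum import Enum, auto

class Permission(Enum):
    MANAGE_SECURITY = auto()
    VIEW_USERS = auto()

class Role:  # hypothetical model of a role, not the RHQ entity
    def __init__(self, name, permissions=(), superuser=False):
        self.name = name
        self.permissions = frozenset(permissions)
        self.superuser = superuser

def can_view_users_before(roles):
    """Assumed pre-fix check: only an explicit VIEW_USERS grant counts."""
    return any(Permission.VIEW_USERS in r.permissions for r in roles)

def can_view_users_after(roles):
    """Comment 2: superusers and MANAGE_SECURITY holders may also view users."""
    sufficient = {Permission.VIEW_USERS, Permission.MANAGE_SECURITY}
    return any(r.superuser or bool(r.permissions & sufficient) for r in roles)

def ui_allows(permissions):
    """Comment 4: the role editor refuses MANAGE_SECURITY without VIEW_USERS."""
    perms = set(permissions)
    return not (Permission.MANAGE_SECURITY in perms
                and Permission.VIEW_USERS not in perms)

# Constructed model: the superuser role is a flag, with no explicit grants.
SUPERUSER = Role("Super User Role", superuser=True)

# (label, roles held by the user, expected result) from Comment 3.
QA_CASES = [
    ("1 rhqadmin", [SUPERUSER], True),
    ("2 added superuser", [SUPERUSER], True),
    ("3 MANAGE_SECURITY only", [Role("sec", {Permission.MANAGE_SECURITY})], True),
    ("4 VIEW_USERS only", [Role("view", {Permission.VIEW_USERS})], True),
    ("5 empty role", [Role("none")], False),
    ("6 no roles", [], False),
]

def failing_cases(check):
    """Return the QA labels where the given check disagrees with Comment 3."""
    return [label for label, roles, want in QA_CASES if check(roles) != want]

if __name__ == "__main__":
    print("before:", failing_cases(can_view_users_before))
    print("after: ", failing_cases(can_view_users_after))
    print("step 3 reachable in UI:", ui_allows({Permission.MANAGE_SECURITY}))
```

Step 3 stays in the matrix even though the role editor cannot produce that role: the server-side check then does not depend on a UI-only invariant.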