Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 796964

Summary: User with only 'Sync Product' permission can edit repositories and view gpg keys
Product: Red Hat Satellite Reporter: Eric Helms <ehelms>
Component: WebUIAssignee: Eric Helms <ehelms>
Status: CLOSED CURRENTRELEASE QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0.1CC: ansmith, jturner, mmccune, omaciel
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-22 18:29:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 801908    
Bug Blocks:    

Description Eric Helms 2012-02-23 23:11:38 UTC 
Description of problem:
A user who has been granted a role that contains only the 'Sync Product' permission for a particular organization can view GPGKeys and edit repositories.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Create new user 'test_user'
2. Create new role 'sync products only'
3. Create Permission within ACME_Corporation with 'Permission For: Organization' and Verb 'Sync Product'
4. Add user 'test_user' to Role 'sync products only'
5. Logout and login as 'test_user'
  
Actual results:
The user can view all sync management pages in addition they can view GPG Keys and edit repositories under Providers.

Expected results:
Seems like if I only have permission to Sync Products I should not also have the ability to edit the details of a Repository. Further, I shouldn't expect to see GPGKey data.

Additional info:
Comment 2 Mike McCune 2012-03-07 23:43:49 UTC 
mass move ON_QA after brewing
Comment 3 Jeff Weiss 2012-03-08 19:29:17 UTC 
Fails QA.  Can still view GPG keys and Custom provider pages.  You can no longer edit repos though - that part is fixed.
Comment 4 Jeff Weiss 2012-03-08 19:29:25 UTC 
Katello Version: 0.2.8-1.git.11.033f96d.el6
Comment 5 Jeff Weiss 2012-03-08 19:35:54 UTC 
Can also view systems with just Sync Product permission.
Comment 6 Eric Helms 2012-03-09 19:01:46 UTC 
The ability to view systems comes from setting a default environment and has nothing to do with having the 'Sync Products' permission.  After discussion, it was decided being able to see GPG Keys with the 'Sync Products' permission is expected behavior given that 'Sync Products' gives you the ability to read provider information (i.e. Products, Repos, GPG Keys).
Comment 7 Jeff Weiss 2012-03-09 19:59:32 UTC 
See "blocks" field for more general bug that should fix this as well.
Comment 8 Jeff Weiss 2012-03-14 15:29:48 UTC 
Closing this bug in favor of the more general one, which will probably be deferred.
Comment 10 Mike McCune 2013-08-16 18:21:43 UTC 
getting rid of 6.0.0 version since that doesn't exist