Bug 800511

Summary: Revise global roles and default user permissions
Product: [Retired] CloudForms Cloud Engine Reporter: Scott Seago <sseago>
Component: aeolus-conductorAssignee: Scott Seago <sseago>
Status: CLOSED ERRATA QA Contact: pushpesh sharma <psharma>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.0.0CC: akarol, bbandari, cpelland, deltacloud-maint, hbrock, psharma, ssachdev
Target Milestone: beta5Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-15 22:48:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 788465    

Description Scott Seago 2012-03-06 15:53:10 UTC 
Description of problem:

We've got some unnecessary global roles, a couple that need combining, and we should remove most of the default user permission assignments

Delete the following roles:
  Global Provider Creator
  Global Pool Creator

Combine the following roles into Global Pool User:
  Global Deployable User
  Global Catalog User
  Global Pool User

Remove the all default permission assignments for new users except for 'Global HWP User' (admins will assign users to appropriate environments and pools):
Comment 1 Scott Seago 2012-03-06 16:23:23 UTC 
One modification. For now we're sticking with the Pool User role on the 'Default' Pool -- and _adding_ 'Pool Family User' on the default pool family for new users.
Comment 2 Scott Seago 2012-03-07 05:58:27 UTC 
Patch on-list here: https://fedorahosted.org/pipermail/aeolus-devel/2012-March/009446.html

minor change to overrides/en.yml for internal repo as well (removal of obsolete entries)
Comment 3 wes hayutin 2012-03-08 15:06:45 UTC 
*** Bug 798120 has been marked as a duplicate of this bug. ***
Comment 5 Scott Seago 2012-03-12 17:25:40 UTC 
patch posted to master at: d3eb97aa67b753a6953427ddb94902f46034ba6c

bug is MODIFIED but the internal patch isn't yet pushed (depends on the external one being moved over first)
Comment 6 Scott Seago 2012-03-12 17:48:57 UTC 
internal patch posted to 1.0-product: 80092dfaf0290d83854720c27f0e68f3cb082d77
Comment 8 pushpesh sharma 2012-04-05 05:50:38 UTC 
As per the description:-

Deleting the following roles:
  Global Provider Creator 
  Global Pool Creator ===> global zone Creator  

above roles are not an option in the drop-down box for global roles grants.so this requirement is complete.   


Combine the following roles into Global Pool User:
  Global Deployable User==>Global application User
  Global Catalog User
  Global Pool User ==>Global Zone User

Global Zone User is the only available option in the drop-down box for global roles grants.This role is able to preform catalog and application user tasks like:-
1. Can view,use,launch,stop,restart any Deployable 
        
2. Can view any catalog

3. Can view any zone,create new instances in any zone,create new application in any zone,view Quota usage for any zone.

Marking the bug as verified based on above observation.
Comment 9 pushpesh sharma 2012-04-05 05:59:23 UTC 
More observation on default permissions:-

1.any new user is assigned the "Global Profile User " by default,as per the description of the problem.

2.Default Cloud assigns "Cloud User" role to every new user.

3.Default Cloud Zone assigns "Zone User" role to every new user.  

2-3 is as per the requirement specified in comment#1

So all requirements are fulfilled and hence bug is verified.
Comment 11 errata-xmlrpc 2012-05-15 22:48:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-0583.html