Bug 832505
Summary: | Removing a user from the super-users role does not revoke the permissions granted by that role | | |
---|---|---|---|
Product: | [Retired] Pulp | Reporter: | Jason Connor <jconnor> |
Component: | user-experience | Assignee: | Chris Duryee <cduryee> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Preethi Thomas <pthomas> |
Severity: | high | Docs Contact: | |
Priority: | high | | |
Version: | Master | CC: | cduryee, mmccune, rbarlow, skarmark |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | 2.5.0 | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2014-11-24 21:33:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |

Description
Jason Connor
2012-06-15 14:57:58 UTC
Does anybody know if this is still an issue in 2.3.1?

This appears to work on 2.5.0-0.11.beta. I suspect it works on 2.4 as well.

How I tested:

* pulp-admin login -u admin
* pulp-admin auth user create --login foo --password foo (create a user with no permissions)
* pulp-admin auth role user add --role-id super-users --login foo (grant permissions)
* pulp-admin auth permission list --resource / (verify that 'admin' and 'foo' both have full permissions on /)
* pulp-admin auth role user remove --role-id super-users --login admin (remove admin from superuser role)
* pulp-admin auth permission list --resource / (error! this is correct since we just removed admin user's perms)
* pulp-admin login -u foo (login as 'foo')
* pulp-admin auth permission list --resource / (verify that only 'foo' has permissions on / resource)

Moving to ON_QA.

verified

```
[root@cloud-qe-19 ~]# rpm -qa pulp-server
pulp-server-2.5.0-0.16.rc.el7.noarch
[root@cloud-qe-19 ~]#
[root@cloud-qe-19 ~]# pulp-admin login -u admin
Enter password:
Successfully logged in. Session certificate will expire at Nov 11 18:32:35 2014 GMT.

[root@cloud-qe-19 ~]# pulp-admin auth user create --login foo --password foo
User [foo] successfully created

[root@cloud-qe-19 ~]# pulp-admin auth permission list --resource /
+----------------------------------------------------------------------+
Permissions for /
+----------------------------------------------------------------------+

Admin: CREATE, READ, UPDATE, DELETE, EXECUTE

[root@cloud-qe-19 ~]# pulp-admin auth role user add --role-id super-users --login foo
User [foo] successfully added to role [super-users]

[root@cloud-qe-19 ~]# pulp-admin auth permission list --resource /
+----------------------------------------------------------------------+
Permissions for /
+----------------------------------------------------------------------+

Admin: CREATE, READ, UPDATE, DELETE, EXECUTE
Foo: CREATE, READ, UPDATE, DELETE, EXECUTE

[root@cloud-qe-19 ~]# pulp-admin auth role user remove --role-id super-users --login admin
User [admin] successfully removed from role [super-users]

[root@cloud-qe-19 ~]#
[root@cloud-qe-19 ~]#
[root@cloud-qe-19 ~]# pulp-admin auth permission list --resource /
+----------------------------------------------------------------------+
Permissions for /
+----------------------------------------------------------------------+

The specified user does not have permission to execute the given command

[root@cloud-qe-19 ~]# pulp-admin login -u foo
Enter password:
Successfully logged in. Session certificate will expire at Nov 11 18:35:07 2014 GMT.

[root@cloud-qe-19 ~]# pulp-admin auth permission list --resource /
+----------------------------------------------------------------------+
Permissions for /
+----------------------------------------------------------------------+

Foo: CREATE, READ, UPDATE, DELETE, EXECUTE

[root@cloud-qe-19 ~]#
```
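
Added example, not part of the bug report or of Pulp's code: a Python check that parses the `pulp-admin auth permission list` output shown in the verification transcript and reports which operations a login still holds after it was removed from a role. The sample listings are constructed from the transcript, and matching the listed name to the login case-insensitively is an assumption based on `admin` appearing as `Admin`.

```python
import re

# Message pulp-admin printed in the transcript when the caller lacks access.
DENIED = "The specified user does not have permission to execute the given command"
# One listing row, e.g. "Admin: CREATE, READ, UPDATE, DELETE, EXECUTE".
ROW = re.compile(r"^\s*(\S[^:]*?)\s*:\s*([A-Z]+(?:\s*,\s*[A-Z]+)*)\s*$")


def parse_permission_list(output):
    """Map each listed user (lower-cased) to its set of operations."""
    if DENIED in output:
        # The caller itself has no access, so the listing carries no rows.
        raise PermissionError(DENIED)
    listing = {}
    for line in output.splitlines():
        row = ROW.match(line)
        if row:
            ops = {op.strip() for op in row.group(2).split(",")}
            listing.setdefault(row.group(1).lower(), set()).update(ops)
    return listing


def residual_operations(output, login):
    """Operations `login` still holds on the resource; empty set means revoked."""
    return parse_permission_list(output).get(login.lower(), set())


BORDER = "+" + "-" * 70 + "+"
# Constructed from the transcript: listing seen by 'foo' after 'admin' was removed.
FIXED = "\n".join([BORDER, "Permissions for /", BORDER, "",
                   "Foo:  CREATE, READ, UPDATE, DELETE, EXECUTE"])
# Constructed: the same listing as it would look if the bug were still present.
BUGGY = FIXED + "\nAdmin:  CREATE, READ, UPDATE, DELETE, EXECUTE"
# Constructed: what 'admin' itself gets back once its role membership is gone.
REFUSED = "\n".join([BORDER, "Permissions for /", BORDER, "", DENIED])

if __name__ == "__main__":
    for name, text in (("fixed", FIXED), ("buggy", BUGGY)):
        left = residual_operations(text, "admin")
        print(name, "->", sorted(left) if left else "revoked")
```

The listing has to be captured from a session that still has access to the resource (here, `foo`), since the removed user's own session only returns the refusal message.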