Bug 832505
| Summary: | Removing a user from the super-users role does not revoke the permissions granted by that role | ||
|---|---|---|---|
| Product: | [Retired] Pulp | Reporter: | Jason Connor <jconnor> |
| Component: | user-experience | Assignee: | Chris Duryee <cduryee> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Preethi Thomas <pthomas> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | Master | CC: | cduryee, mmccune, rbarlow, skarmark |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | 2.5.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-11-24 21:33:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jason Connor
2012-06-15 14:57:58 UTC
Does anybody know if this is still an issue in 2.3.1? This appears to work on 2.5.0-0.11.beta. I suspect it works on 2.4 as well. How I tested: * pulp-admin login -u admin * pulp-admin auth user create --login foo --password foo (create a user with no permissions) * pulp-admin auth role user add --role-id super-users --login foo (grant permissions) * pulp-admin auth permission list --resource / (verify that 'admin' and 'foo' both have full permissions on /) * pulp-admin auth role user remove --role-id super-users --login admin (remove admin from superuser role) * pulp-admin auth permission list --resource / (error! this is correct since we just removed admin user's perms) * pulp-admin login -u foo (login as 'foo') * pulp-admin auth permission list --resource / (verify that only 'foo' has permissions on / resource) Moving to ON_QA. verified
[root@cloud-qe-19 ~]# rpm -qa pulp-server
pulp-server-2.5.0-0.16.rc.el7.noarch
[root@cloud-qe-19 ~]#
[root@cloud-qe-19 ~]# pulp-admin login -u admin
Enter password:
Successfully logged in. Session certificate will expire at Nov 11 18:32:35 2014
GMT.
[root@cloud-qe-19 ~]# pulp-admin auth user create --login foo --password foo
User [foo] successfully created
[root@cloud-qe-19 ~]# pulp-admin auth permission list --resource /
+----------------------------------------------------------------------+
Permissions for /
+----------------------------------------------------------------------+
Admin: CREATE, READ, UPDATE, DELETE, EXECUTE
[root@cloud-qe-19 ~]# pulp-admin auth role user add --role-id super-users --login foo
User [foo] successfully added to role [super-users]
[root@cloud-qe-19 ~]# pulp-admin auth permission list --resource /+----------------------------------------------------------------------+
Permissions for /
+----------------------------------------------------------------------+
Admin: CREATE, READ, UPDATE, DELETE, EXECUTE
Foo: CREATE, READ, UPDATE, DELETE, EXECUTE
[root@cloud-qe-19 ~]# pulp-admin auth role user remove --role-id super-users --login admin
User [admin] successfully removed from role [super-users]
[root@cloud-qe-19 ~]#
[root@cloud-qe-19 ~]#
[root@cloud-qe-19 ~]# pulp-admin auth permission list --resource /+----------------------------------------------------------------------+
Permissions for /
+----------------------------------------------------------------------+
The specified user does not have permission to execute the given command
[root@cloud-qe-19 ~]# pulp-admin login -u foo
Enter password:
Successfully logged in. Session certificate will expire at Nov 11 18:35:07 2014
GMT.
[root@cloud-qe-19 ~]# pulp-admin auth permission list --resource /
+----------------------------------------------------------------------+
Permissions for /
+----------------------------------------------------------------------+
Foo: CREATE, READ, UPDATE, DELETE, EXECUTE
[root@cloud-qe-19 ~]#
|