Bug 847333

Summary: Permission given to a group doesn't apply to its member
Product: Red Hat Enterprise Virtualization Manager Reporter: David Jaša <djasa>
Component: ovirt-engineAssignee: Yaniv Bronhaim <ybronhei>
Status: CLOSED CURRENTRELEASE QA Contact: Ondra Machacek <omachace>
Severity: high Docs Contact:
Priority: high    
Version: 3.1.0CC: dyasny, iheim, lpeer, oramraz, pstehlik, Rhev-m-bugs, sgrinber, yeylon, ykaul, yzaslavs
Target Milestone: ---Keywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: si16 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-04 19:59:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Jaša 2012-08-10 15:09:42 UTC 
Description of problem:
Permission given to a group doesn't apply to its member. Tested with AD as an identity provider.

Version-Release number of selected component (if applicable):
rhevm-3.1.0-11.el6ev.noarch / si13.2

How reproducible:
always

Steps to Reproduce:
1. add an AD domain with a User that is member of some Group to RHEV-M
2. in Configure -> System Permissions, assing PowerUserRole to the Group
3. log in as the User to UserPortal
  
Actual results:
User can access basic UserPortal only

Expected results:
User can acces PowerUserPortal

Additional info:
* when you add the User directly in Configure -> System Permissions, he can log in to PUP.
* looks related to bug 839319, bug 810400 and bug 846300.
Comment 1 Yaniv Bronhaim 2012-08-16 13:14:54 UTC 
suggest patch: http://gerrit.ovirt.org/#/c/7262/
Comment 2 David Jaša 2012-08-17 13:06:25 UTC 
Still present in si14 - if I apply VmCreator to a user, she can see Extended UP, however if I add it to a group, members of the group can not.
Comment 3 Yaniv Bronhaim 2012-08-19 15:32:10 UTC 
in reply to comment #2
You'r correct, this patch will enter si15.
I just verified this scenario on my development setup.
Comment 4 Yair Zaslavsky 2012-08-19 15:44:34 UTC 
Upstream merge:
http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=eda3e5537bb7513ec77129bad910691942b31b48