Bug 1025796 - [RFE] RHEV-M admin portal should list all logged in users
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: RFEs
Version: 3.2.0
Hardware: x86_64 Linux
Priority: unspecified
Severity: high
Target Milestone: ovirt-3.6.0-rc
Target Release: 3.6.0
Assigned To: Yevgeny Zaspitsky
QA Contact: Ondra Machacek
Keywords: FutureFeature, Improvement
Depends On:
Blocks: 1250781
Reported: 2013-11-01 11:27 EDT by wdaniel
Modified: 2016-03-09 15:33 EST

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
It is now possible to view all active sessions through the Administration Portal. 'Guest Information' can be found under 'System' in tree mode.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-09 15:33:50 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
sherold: Triaged+


Attachments
error popup after terminate session as non privileged user (8.05 KB, image/png)
2015-04-15 03:38 EDT, Ondra Machacek


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 38378 master MERGED engine: make EngineSession queryable Never
oVirt gerrit 38379 master MERGED engine: refactor PermissionsCommandBase.isSystemSuperUser method out Never
oVirt gerrit 38380 master MERGED engine: Add SessionDataContainer.getSessionIdBySeqId method Never
oVirt gerrit 38382 master MERGED engine: add TerminateSession command Never
oVirt gerrit 38383 master MERGED engine: define auto-completion for EngineSession objects Never
oVirt gerrit 38384 master MERGED webadmin: Add sessions main tab Never
oVirt gerrit 39890 master MERGED engine: add the proper message for not auth terminate session Never

Description wdaniel 2013-11-01 11:27:57 EDT
Description of problem:

Customer would like the RHEV-M Admin Portal to list all users currently logged into the User/Admin portals.

Actual results:
Events tab shows users logging in, but not all users currently logged in.

Expected results:
An area in the Admin portal could list anyone who is using the portals
Comment 1 Arthur Berezin 2013-11-11 13:16:48 EST
Wallace, what is the use case?
How is this info useful to the customer?
Comment 4 Arthur Berezin 2013-12-14 16:33:59 EST
Thanks Wallace.
Comment 5 Liran Zelkha 2014-03-18 04:28:13 EDT
I'm not sure I follow what is a logged in user. Users can always close their browsers, and it will take us a while to understand they didn't logout correctly (which probably no user does anyway).
Comment 6 Yaniv Lavi 2015-02-01 08:27:24 EST
I think we can add a filterable column\icon to the users tab that will show the login status. What do you think?
Comment 7 Einav Cohen 2015-02-02 17:12:21 EST
(In reply to Yaniv Dary from comment #6)
> I think we can add a filterable column\icon to the users tab that will show
> the login status. What do you think?

+1 on the visual design suggestion (please contact Eldan for exact icons), however please note Liran's Comment #5: it means that the logged-in-user information may not be accurate for certain periods of time - a user may appear as logged-in when in fact he already closed his browser.
As long as you are OK with that - it's OK to proceed with this feature.

thanks.
Comment 8 Yaniv Lavi 2015-02-03 02:37:24 EST
(In reply to Einav Cohen from comment #7)
> (In reply to Yaniv Dary from comment #6)
> > I think we can add a filterable column\icon to the users tab that will show
> > the login status. What do you think?
> 
> +1 on the visual design suggestion (please contact Eldan for exact icons),
> however please note Liran's Comment #5: it means that the logged-in-user
> information may not be accurate for certain periods of times - a user may
> appear as logged-in when in fact he already closed his browser. 

I think that it's acceptable. 

> as long as you are OK with that - it's OK to proceed with this feature. 
> 
> thanks.
Comment 10 Alon Bar-Lev 2015-02-24 11:25:53 EST
I do not like the use of Users tab for runtime information, the users tab in its current form is to go away some day, and will not contain users that do not have permissions.

I suggest a new tab - "Application Status" [or any], that will present runtime information and status; among other things it can present the active users.

It should be quite simple, as ravi already reworked the login sequence to not touch the users/group table but use a session table.

I would also like to add a force logout option per user; it is also quite simple to achieve.

The status tab can be used for other runtime status, such as dwh status and other.
Comment 11 Yaniv Lavi 2015-02-25 03:21:19 EST
(In reply to Alon Bar-Lev from comment #10)
> I do not like the use of Users tab for runtime information, the users tab in
> its current form is to go away some day, and will not contain users that do
> not have permissions.

Why do you think this?

> 
> I suggest a new tab - "Application Status" [or any], that will present
> runtime information and status, among other it can present the active users.

A new tab is not a solution, it will make the Webadmin even less friendly on small monitors.

> 
> It should be quite simple, as ravi already reworked the login sequence to
> not touch the users/group table but use a session table.

That is the direction

> 
> I would also like to add force logout option per user, it also quite simple
> to achieve.

Is there a RFE on this?

> 
> The status tab can be used for other runtime status, such as dwh status and
> other.

Please discuss in UX for redesign plans.
Comment 12 Ondra Machacek 2015-04-14 09:04:56 EDT
Seems that only user with 'SuperUser' role on system can terminate session.
Please add an appropriate error message when the user doesn't have such permissions.

Things to consider:
1) Remove session db id column.
2) Remove user id column.
3) Add Authorization provider column(sortable).
Comment 13 Martin Perina 2015-04-14 16:04:14 EDT
(In reply to Ondra Machacek from comment #12)
> Seems that only user with 'SuperUser' role on system can terminate session.
> Please add appropriate error message when user don't have such permissions.

AFAIK only users with 'SuperUser' role can login into webadmin, so I can't see any reason for the error message

> 
> Things to consider:
> 1) Remove session db id column.

Currently this is the only way how to distinguish between user's logins from different sources.

> 2) Remove user id column.

Currently we don't have domain information inside EngineSession object, so displaying user id is the only way how to distinguish between two users with the same username and different domain.

> 3) Add Authorization provider column(sortable).

Currently we don't have provided information available inside EngineSession object.

But in 4.0 we can improve this feature.
Comment 14 Ondra Machacek 2015-04-14 16:16:02 EDT
(In reply to Martin Perina from comment #13)
> (In reply to Ondra Machacek from comment #12)
> > Seems that only user with 'SuperUser' role on system can terminate session.
> > Please add appropriate error message when user don't have such permissions.
> 
> AFAIK only users with 'SuperUser' role can login into webadmin, so I can't
> see any reason for the error message
> 

Well, there are many more roles with admin permissions, not only SuperUser, which
can login to webadmin (examples: DataCenterAdmin, ClusterAdmin, ...). But I can
open a separate bugzilla for it to handle this error.

> Currently we don't have domain information inside EngineSession object, so  
> displaying user id is the only way how to distinguish between two users with 
> the same username and different domain.

If you know user_id, you should be able to search for 'domain' within 
'users' table, no?
Comment 15 Martin Perina 2015-04-14 16:38:48 EDT
(In reply to Ondra Machacek from comment #14)
> (In reply to Martin Perina from comment #13)
> > (In reply to Ondra Machacek from comment #12)
> > > Seems that only user with 'SuperUser' role on system can terminate session.
> > > Please add appropriate error message when user don't have such permissions.
> > 
> > AFAIK only users with 'SuperUser' role can login into webadmin, so I can't
> > see any reason for the error message
> > 
> 
> Well, there are much more roles with admin permissions, not only SuperUser
> which
> can login to webadmin(examples: DataCeterAdmin, CLusterAdmin,...). But I can
> open separate bugzilla for it to handle this error.

Sorry, I forgot about those roles. But knowing this, should Sessions be visible to users without SuperUser role? If so, we need to display proper error message, otherwise we should display Sessions only to SuperUsers

> 
> > Currently we don't have domain information inside EngineSession object, so  
> > displaying user id is the only way how to distinguish between two users with 
> > the same username and different domain.
> 
> If you know user_id, you should be able to search for 'domain' within 
> 'users' table, no?

We could, but that would make things more complex, because currently we work only with EngineSession entity.

Oved, what do you think?
Comment 17 Ondra Machacek 2015-04-15 03:38:35 EDT
Created attachment 1014611 [details]
error popup after terminate session as non privileged user

There is no log on error level at backend. On frontend a popup with an error appears.
Comment 18 Oved Ourfali 2015-04-16 04:32:47 EDT
Ondra - the patch to add the error to the user was merged today.
Shall I move this back to modified? What's the verification status of this one?
Comment 19 Ondra Machacek 2015-04-16 05:07:56 EDT
I'll move it to modified, because no new bug for that issue was opened, and the patch is connected with this bz.

Test plan for this feature was reviewed, so when I test the fix I'll move it to verified, and open new bugzilla for 4.0 for things mentioned in #c12 .
Comment 20 Oved Ourfali 2015-04-16 06:31:07 EDT
(In reply to Ondra Machacek from comment #19)
> I'll move it to modified, because no new bug for that issue was opened, and
> the patch is connected with this bz.
> 
> Test plan for this feature was reviewed, so when I test the fix I'll move it
> to verified, and open new bugzilla for 4.0 for things mentioned in #c12 .

As for comment 12, I don't think we should delete session db id and user id.
As for the auth source, I hope we have this information at this scope. Worth opening a bug indeed.
Comment 21 Ondra Machacek 2015-05-21 07:11:26 EDT
Error message is OK in 3.6.0-2.
Comment 24 errata-xmlrpc 2016-03-09 15:33:50 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0376.html
