Description of problem: Customer would like the RHEV-M Admin Portal to list all users currently logged into the User/Admin portals. Actual results: Events tab shows users logging in, but not all users currently logged in. Expected results: An area in the Admin portal could list anyone who is using the portals
Wallace, what is the use case ? How is this info usefull to the customer ?
Thanks Wallace.
I'm not sure I follow what is a logged in user. Users can always close their browsers, and it will take us a while to understand they didn't logout correctly (which probably no user does anyway).
I think we can add a filterable column\icon to the users tab that will show the login status. What do you think?
(In reply to Yaniv Dary from comment #6) > I think we can add a filterable column\icon to the users tab that will show > the login status. What do you think? +1 on the visual design suggestion (please contact Eldan for exact icons), however please note Liran's Comment #5: it means that the logged-in-user information may not be accurate for certain periods of times - a user may appear as logged-in when in fact he already closed his browser. as long as you are OK with that - it's OK to proceed with this feature. thanks.
(In reply to Einav Cohen from comment #7) > (In reply to Yaniv Dary from comment #6) > > I think we can add a filterable column\icon to the users tab that will show > > the login status. What do you think? > > +1 on the visual design suggestion (please contact Eldan for exact icons), > however please note Liran's Comment #5: it means that the logged-in-user > information may not be accurate for certain periods of times - a user may > appear as logged-in when in fact he already closed his browser. I think that it's acceptable. > as long as you are OK with that - it's OK to proceed with this feature. > > thanks.
I do not like the use of Users tab for runtime information, the users tab in its current form is to go away some day, and will not contain users that do not have permissions. I suggest a new tab - "Application Status" [or any], that will present runtime information and status, among other it can present the active users. It should be quite simple, as ravi already reworked the login sequence to not touch the users/group table but use a session table. I would also like to add force logout option per user, it also quite simple to achieve. The status tab can be used for other runtime status, such as dwh status and other.
(In reply to Alon Bar-Lev from comment #10) > I do not like the use of Users tab for runtime information, the users tab in > its current form is to go away some day, and will not contain users that do > not have permissions. Why do you think this? > > I suggest a new tab - "Application Status" [or any], that will present > runtime information and status, among other it can present the active users. A new tab is not a solution, it will make the Webadmin even less friendly on small monitors. > > It should be quite simple, as ravi already reworked the login sequence to > not touch the users/group table but use a session table. That is the direction > > I would also like to add force logout option per user, it also quite simple > to achieve. Is there a RFE on this? > > The status tab can be used for other runtime status, such as dwh status and > other. Please discuss in UX for redesign plans.
Seems that only user with 'SuperUser' role on system can terminate session. Please add appropriate error message when user don't have such permissions. Things to consider: 1) Remove session db id column. 2) Remove user id column. 3) Add Authorization provider column(sortable).
(In reply to Ondra Machacek from comment #12) > Seems that only user with 'SuperUser' role on system can terminate session. > Please add appropriate error message when user don't have such permissions. AFAIK only users with 'SuperUser' role can login into webadmin, so I can't see any reason for the error message > > Things to consider: > 1) Remove session db id column. Currently this is the only way how to distinguish between user's logins from different sources. > 2) Remove user id column. Currently we don't have domain information inside EngineSession object, so displaying user id is the only way how to distinguish between two users with the same username and different domain. > 3) Add Authorization provider column(sortable). Currently we don't have provided information available inside EngineSession object. But in 4.0 we can improve this feature.
(In reply to Martin Perina from comment #13) > (In reply to Ondra Machacek from comment #12) > > Seems that only user with 'SuperUser' role on system can terminate session. > > Please add appropriate error message when user don't have such permissions. > > AFAIK only users with 'SuperUser' role can login into webadmin, so I can't > see any reason for the error message > Well, there are much more roles with admin permissions, not only SuperUser which can login to webadmin(examples: DataCeterAdmin, CLusterAdmin,...). But I can open separate bugzilla for it to handle this error. > Currently we don't have domain information inside EngineSession object, so > displaying user id is the only way how to distinguish between two users with > the same username and different domain. If you know user_id, you should be able to search for 'domain' within 'users' table, no?
(In reply to Ondra Machacek from comment #14) > (In reply to Martin Perina from comment #13) > > (In reply to Ondra Machacek from comment #12) > > > Seems that only user with 'SuperUser' role on system can terminate session. > > > Please add appropriate error message when user don't have such permissions. > > > > AFAIK only users with 'SuperUser' role can login into webadmin, so I can't > > see any reason for the error message > > > > Well, there are much more roles with admin permissions, not only SuperUser > which > can login to webadmin(examples: DataCeterAdmin, CLusterAdmin,...). But I can > open separate bugzilla for it to handle this error. Sorry, I forgot about those roles. But knowing this, should Sessions be visible to users without SuperUser role? If so, we need to display proper error message, otherwise we should display Sessions only to SuperUsers > > > Currently we don't have domain information inside EngineSession object, so > > displaying user id is the only way how to distinguish between two users with > > the same username and different domain. > > If you know user_id, you should be able to search for 'domain' within > 'users' table, no? We could, but that would make things more complex, because currently we work only with EngineSession entity. Oved, what do you think?
Created attachment 1014611 [details] error popup after terminate session as non priviledged user There is no log on error level at backend. On frontend appers popup with error.
Ondra - the patch to add the error to the user was merged today. Shall I move this back to modified? What's the verification status of this one?
I'll move it to modified, because no new bug for that issue was opened, and the patch is connected with this bz. Test plan for this feature was reviewed, so when I test the fix I'll move it to verified, and open new bugzilla for 4.0 for things mentioned in #c12 .
(In reply to Ondra Machacek from comment #19) > I'll move it to modified, because no new bug for that issue was opened, and > the patch is connected with this bz. > > Test plan for this feature was reviewed, so when I test the fix I'll move it > to verified, and open new bugzilla for 4.0 for things mentioned in #c12 . As for comment 12, I don't think we should delete session db id and user id. As for the auth source, I hope we have this information at this scope. Worth opening a bug indeed.
Error message is OK in 3.6.0-2.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-0376.html