Red Hat Bugzilla – Bug 1032131
Users unable to authenticate to user portal unless explicitly added
Last modified: 2013-11-20 02:15:18 EST
Description of problem:
After upgrading from 3.0.x to 3.2.4, there seems to be a behavioral change regarding new users. In the past, any valid user in the auth domain could log into the portal and the user would automatically get added to the users list in RHEVM. And with the pool permissions set so that the "everyone" user had access to the pool, then anyone could take a VM from the pool.
After upgrading to 3.2.4 nobody can log in unless I explicitly add the user AND also explicitly add the user to the pool (even though the everyone user already has permissions to the pool)..
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create pool with "everyone" user access
2. Log in from valid user in auth domain
3. Attempt to get VM from pool
This error (when debug logging is enabled)
2013-11-15 15:38:55,139 DEBUG [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/127.0.0.1:8702-11) [6650df7b] No permission found for user when running action LoginUser, on object Bottom for action group LOGIN with id bbb00000-0000-0000-0000-123456789bbb.
2013-11-15 15:38:55,139 WARN [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/127.0.0.1:8702-11) [6650df7b] CanDoAction of action LoginUser failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
Access to VM
the special built-in everyone group is ignored for login permission.
you can use any other domain group for the pool permission (domain users, etc.) which will work.
see Bug 986448 for more details