Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1077657

Summary: [RFE] It's possible to see admin permissions in UserPortal, when this permission is added directly on object.
Product: [oVirt] ovirt-engine Reporter: Ondra Machacek <omachace>
Component: RFEsAssignee: Oved Ourfali <oourfali>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.4.0CC: bazulay, bugs, ecohen, gklein, iheim, lpeer, nbarcet, oourfali, rbalakri, Rhev-m-bugs, sherold, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---Flags: ylavi: ovirt-future?
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-31 08:53:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ondra Machacek 2014-03-18 11:17:34 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
av3

How reproducible:
always

Steps to Reproduce:
1. Create vm and assign it *Admin role.
2. Add user with UserVmManager role on cluster.
3. Login to user portal with user from 2) and check vm permissions subtab.

Actual results:
User can see *Admin permissions.

Expected results:
User can't see *Admin permissions.

Additional info:
bug 877906
Comment 1 Oved Ourfali 2014-03-24 13:17:27 UTC 
It doesn't sound like an issue to me, as long as you can't delete them (which I assume you can't).

Einav - thoughts about that?
Comment 2 Einav Cohen 2014-03-31 13:07:19 UTC 
(In reply to Oved Ourfali from comment #1)
> It doesn't sound like an issue to me, as long as you can't delete them
> (which I assume you can't).
> 
> Einav - thoughts about that?

There is a chance that the user can remove them (I think that we are blocking adding admin permissions, but we are not necessarily blocking removing admin permissions - I could be wrong); 

in any case, the user is the "Vm Manager", which means that he should be able to see/do anything on/to this VM, including see its Admin permissions. 

However, just like (AFAIK) we are blocking adding admin permissions, it might make sense to block viewing/removing admin permissions as well (the fact that we are revealing to the user some admin-related details may be problematic here). 

Needinfo'ing PM to ack/nack.

[this is somewhat-related to bug 1034625]
Comment 5 Arthur Berezin 2014-12-28 15:06:06 UTC 
Moving needinfo to current RHEV PM.
Comment 6 Yaniv Lavi 2017-01-03 11:07:49 UTC 
Removing old needinfos. Please restore, if still needed.