+++ This bug was initially created as a clone of Bug #1112182 +++

Description of problem:
I created a simple user in "Any context" mode and did not assign any location, org or roles. But the following menus are visible to that user. Ideally, the user shouldn't be allowed to have access to any of the menu items without any permission.

The Hosts menu shows "All Hosts" and the user can see the created hosts.

Version-Release number of selected component (if applicable):
sat6 beta snap10 compose2

How reproducible:
always

Steps to Reproduce:
1. Log in with the admin user
2. Create a user in "Any context" and do not assign location and org
3. Log out with the admin user and log in with the newly created user

Actual results:
User can see Hosts --> All hosts

Expected results:
User shouldn't be allowed to have access to any of the menu items without any permission

Additional info:
Created redmine issue http://projects.theforeman.org/issues/6361 from this bug
Not really "any permission", but all users automatically get the "Anonymous" role added. By default the anonymous role grants an unlimited view_hosts permission, which IMHO should be removed.
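
The comment above describes an implicit role that every account inherits. As an added example (not Foreman's code and not part of the original thread), the following Ruby sketch computes a role-less user's effective permissions and audits implicit roles for unscoped grants. The `Filter`/`Role`/`User` structs, the "Site viewer" role and the sample data are constructed assumptions; only the "Anonymous" role and `view_hosts` come from the thread.

```ruby
# Constructed model for illustration; not Foreman's code or schema.
# A filter with no search query and no org/location scope is "unlimited".
Filter = Struct.new(:permission, :search, :organizations, :locations) do
  def unlimited?
    search.nil? && organizations.empty? && locations.empty?
  end
end
Role = Struct.new(:name, :filters, :implicit) # implicit: every user gets it
User = Struct.new(:login, :roles)

# Roles that apply to a user: explicit assignments plus all implicit roles.
def effective_roles(user, all_roles)
  (user.roles + all_roles.select(&:implicit)).uniq
end

# Permission names the user ends up holding, from any role.
def effective_permissions(user, all_roles)
  effective_roles(user, all_roles)
    .flat_map { |role| role.filters.map(&:permission) }.uniq.sort
end

# Audit: unscoped grants that reach every account with no role assigned.
def implicit_unlimited_grants(all_roles)
  all_roles.select(&:implicit).flat_map do |role|
    role.filters.select(&:unlimited?).map { |f| [role.name, f.permission] }
  end
end

# Constructed data: the default state described in the comment above ...
ROLES_BEFORE = [
  Role.new("Anonymous", [Filter.new("view_hosts", nil, [], [])], true),
  Role.new("Site viewer", [Filter.new("view_hosts", nil, ["Org A"], [])], false)
].freeze
# ... and the same roles with the unlimited view_hosts filter removed.
ROLES_AFTER = [
  Role.new("Anonymous", [], true),
  ROLES_BEFORE[1]
].freeze
BARE_USER = User.new("newuser", []) # no org, location or roles assigned

if __FILE__ == $PROGRAM_NAME
  { "before" => ROLES_BEFORE, "after" => ROLES_AFTER }.each do |label, roles|
    puts "#{label}: permissions=#{effective_permissions(BARE_USER, roles).inspect} " \
         "findings=#{implicit_unlimited_grants(roles).inspect}"
  end
end
```
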
https://github.com/theforeman/foreman/pull/1549 is ready for testing
Moving to POST since upstream bug http://projects.theforeman.org/issues/6361 has been closed
-------------
Daniel Lobato Garcia
https://github.com/theforeman/foreman/pull/1549
Verified. (see screenshot)

Version Tested:
GA Snap 4 - Satellite-6.0.4-RHEL-6-20140806.0

* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.9.19-1.el6_5.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.9.19-1.el6_5.noarch
* candlepin-tomcat6-0.9.19-1.el6_5.noarch
* elasticsearch-0.90.10-4.el6sat.noarch
* foreman-1.6.0.38-1.el6sat.noarch
* foreman-compute-1.6.0.38-1.el6sat.noarch
* foreman-gce-1.6.0.38-1.el6sat.noarch
* foreman-libvirt-1.6.0.38-1.el6sat.noarch
* foreman-ovirt-1.6.0.38-1.el6sat.noarch
* foreman-postgresql-1.6.0.38-1.el6sat.noarch
* foreman-proxy-1.6.0.23-1.el6sat.noarch
* foreman-selinux-1.6.0.4-1.el6sat.noarch
* foreman-vmware-1.6.0.38-1.el6sat.noarch
* katello-1.5.0-28.el6sat.noarch
* katello-ca-1.0-1.noarch
* katello-certs-tools-1.5.6-1.el6sat.noarch
* katello-installer-0.0.57-1.el6sat.noarch
* openldap-2.4.23-34.el6_5.1.x86_64
* pulp-katello-0.3-3.el6sat.noarch
* pulp-nodes-common-2.4.0-0.30.beta.el6sat.noarch
* pulp-nodes-parent-2.4.0-0.30.beta.el6sat.noarch
* pulp-puppet-plugins-2.4.0-0.30.beta.el6sat.noarch
* pulp-puppet-tools-2.4.0-0.30.beta.el6sat.noarch
* pulp-rpm-plugins-2.4.0-0.30.beta.el6sat.noarch
* pulp-selinux-2.4.0-0.30.beta.el6sat.noarch
* pulp-server-2.4.0-0.30.beta.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-net-ldap-0.3.1-3.el6sat.noarch
* ruby193-rubygem-runcible-1.1.0-2.el6sat.noarch
* sssd-ldap-1.11.5.1-3.el6.x86_64
Created attachment 925298: permission denied accessing hosts
This was delivered with Satellite 6.0 which was released on 10 September 2014.