Red Hat Bugzilla – Bug 1113950
Docs say admin roles doesn't confer to user portal
Last modified: 2016-01-26 20:59:22 EST
Description of problem:

User abc:
Rights on UserPortal: UserRole
Rights on AdminPortal: SuperUser

An admin creates a VM and grants UserRole permissions for a specific group. If user abc logs into UserPortal he can delete the VM, but in UserRole it is explicitly forbidden.

See documentation: RHEV 3.4 Administration Guide - 16.4.2. User and Administrator Roles

Thank you!
Regards, Florian

Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce: 1. 2. 3.
Actual results:
Expected results:
Additional info:
In order to investigate this bug we need to better understand what permissions the user has, and on which objects. In general, when working with the user portal, your user roles determine what you can see, but with regard to what you can do, your admin roles are also being considered. So, if you can see the VM, and you have permissions to delete it (either via user or admin role), then you'll be able to delete it.
User portal permissions change what users can see. They don't change the actions they can do. (Only queries are using the user portal moniker for filtering. Actions do not.)
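A toy model of the behaviour described in the two comments above, added here as an illustration and not taken from the RHEV engine: queries are filtered by user roles, while actions are authorized by any role. The action names, the group `vm-users`, the user `carol` and all function names are assumptions; only the role names `UserRole` and `SuperUser` come from the thread.

```python
from dataclasses import dataclass

# Constructed action sets; only the role names come from the thread.
ROLE_ACTIONS = {
    "UserRole": {"view_vm", "connect_vm"},
    "SuperUser": {"view_vm", "connect_vm", "edit_vm", "delete_vm"},
}
USER_ROLES = {"UserRole"}  # roles counted by the User Portal query filter

@dataclass(frozen=True)
class Grant:
    principal: str  # user or group name
    role: str
    obj: str        # "system" applies to every object

# Constructed sample: abc is in group vm-users and is also a system SuperUser.
GRANTS = [
    Grant("vm-users", "UserRole", "vm1"),
    Grant("abc", "SuperUser", "system"),
    Grant("carol", "SuperUser", "system"),
]

def applicable(grants, principals, obj):
    return [g for g in grants
            if g.principal in principals and g.obj in (obj, "system")]

def visible_in_user_portal(grants, principals, obj):
    """Query path: filtered, so only user roles make an object visible."""
    return any(g.role in USER_ROLES for g in applicable(grants, principals, obj))

def can_perform(grants, principals, obj, action):
    """Action path: unfiltered, so any role (user or admin) can authorize."""
    return any(action in ROLE_ACTIONS[g.role]
               for g in applicable(grants, principals, obj))

def user_portal_surplus(grants, principals, obj):
    """Actions usable on a visible object that no user role grants."""
    if not visible_in_user_portal(grants, principals, obj):
        return set()
    by_user_roles = set()
    for g in applicable(grants, principals, obj):
        if g.role in USER_ROLES:
            by_user_roles |= ROLE_ACTIONS[g.role]
    every = {a for acts in ROLE_ACTIONS.values() for a in acts}
    return {a for a in every
            if can_perform(grants, principals, obj, a)} - by_user_roles

if __name__ == "__main__":
    print(sorted(user_portal_surplus(GRANTS, {"abc", "vm-users"}, "vm1")))
```

Running `user_portal_surplus` over every user and visible object gives a list of accounts whose User Portal session can do more than their user roles state, which is the gap between the 3.4 documentation and the behaviour reported here.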
(In reply to Itamar Heim from comment #2)
> User portal permissions change what users can see. They don't change the
> actions they can do.
> (Only queries are using the user portal moniker for filtering. Actions do
> not.)

So in that case the bug can be closed... assuming that's indeed the issue.

Florian - is that indeed the issue you're seeing?
Hello!

Thank you for the fast response.

Referring to the documentation mentioned above: If user abc has the standard UserRole in UserPortal (and has no permission to delete a VM!), he can't delete the VM (-> no problem). But if user abc additionally has SuperUser rights in AdminPortal (the documentation says that an Administrator Portal Role (SuperUser) has no impact on the UserPortal) and logs in to UserPortal, he can delete the VM, although as PortalUser he doesn't have permission to delete the VM.

So what's wrong there? Perhaps the documentation?

Excerpt of documentation:

16.4.2. User and Administrator Roles

Red Hat Enterprise Virtualization provides a range of pre-configured roles, from an administrator with system-wide permissions to an end user with access to a single virtual machine. While you cannot change or remove the default roles, you can clone and customize them, or create new roles according to your requirements. There are two types of roles:

Administrator Role: Allows access to the Administration Portal for managing physical and virtual resources. An administrator role does not confer any permissions for the User Portal.

User Role: Allows access to the User Portal for managing and accessing virtual machines and templates. A user role does not confer any permissions for the Administration Portal.

For example, if you have an administrator role on a cluster, you can manage all virtual machines in the cluster using the Administration Portal. However, you cannot access any of these virtual machines in the User Portal; this requires a user role.

Regards, Florian
Indeed a documentation issue. Moving to proper product/component. Thanks for bringing this up.
The right documentation should be that the user roles do confer to the user portal, with regard to actions the user can do. However, they have no effect on what the user can see in the user portal.
Descriptions of administrator role and user role have been updated in "User and Administrator Roles" (topic 7923) to reflect the actual permissions each role grants in the User Portal (as discussed in this bug).
Documentation Link
------------------------------
https://documentation-devel.engineering.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5-Beta/html-single/Administration_Guide/index.html#User_properties_roles

What Changed
------------------------------
The following topic was revised to correct the description of permissions granted by user and administrator roles, as outlined in the bug above (specifically Comment #4 and Comment #6):

User and Administrator Roles [7923-681821]

Updated revision history: [34613-687013]

NVR
------------------------------
Red_Hat_Enterprise_Virtualization-Administration_Guide-3.5-Beta-web-en-US-3.5-5.el6eng

Moving to ON_QA.