+++ This bug was initially created as a clone of Bug #1208071 +++ I created a new user with a dedicated role with the following permissions: Host/managed: view_hosts The user is a member of 1 organization and 2/4 locations. When logging in via the web interface, the user can only see the hosts belonging to that 1 organization/2 locations. However, an API call via /api/hosts lists the hosts of all organizations and all locations. The only way I could fix this was by applying a location/organization restriction to the view_hosts filter on the role. --- Additional comment from Marek Hulan on 2015-04-01 06:28:17 EDT --- Created from redmine issue http://projects.theforeman.org/issues/9947
Moving to POST since upstream bug http://projects.theforeman.org/issues/9947 has been closed ------------- Marek Hulán Applied in changeset commit:abe910f2a46f4ecc1f349263d0b4751ed46ff200.
This bug is resolved in the Satellite 6.1 code base in bug https://bugzilla.redhat.com/show_bug.cgi?id=1208071. We are not planning to backport this to 6.0, and are therefore closing out this bug. Please feel free to contact bkearney and dcaplan with any issues.