Description of problem:
After upgrading to 3.5.1 "Everyone" is added default in the permission of off disk profiles. So every user will be having an extra default permission of "DiskProfileUser" inherited from "Everyone". This gives an "extended view" option in user portal of all users even the users with basic "userrole" permissions. However every operation in the extended view is denied. . For basic VM users, this option is confusing and will expose unintended information as every information about the VM is visible with option to edit/remove although it is denied after the action.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Upgrade the RHEV-M from 3.5.0 to 3.5.1
2. "Everyone" will be added as default permission for every disk profiles which gives DiskProfileUser permission to all users.
All users will get "DiskProfileUser" permissions which gives them a "extended view" in user portal which is confusing to basic users
DiskProfileUser need not be added by default
note: we must make sure after the fix, any new profile must be restrictive and not expose to everyone.
the solution would be then to make the diskUserProfile a user and not admin.
User with 'DiskProfileUser' inherited from everyone group can't now see extended user portal. OK in 3.6.0-3.
This is clear regression, I see it on 3.5.5 and #2 has report from customer. Why hasn't been this BZ merged to 3.5.x?
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.