Bug 1225274 - 3.5.1 Upgrade adds "Everyone" group to disk profile
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.5.1
Hardware: Unspecified OS: Unspecified
Priority: unspecified Severity: medium
Target Milestone: ovirt-3.6.0-rc3
Target Release: 3.6.0
Assigned To: Roy Golan
QA Contact: Ondra Machacek
Keywords: Regression, ZStream
Depends On:
Blocks: 1284233
Reported: 2015-05-26 22:27 EDT by nijin ashok
Modified: 2016-03-09 16:06 EST

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The "DiskProfileUser" role, which was an administrator role, was assigned to the "Everyone" group by default. As a result, when users logged into the User Portal, they saw the Extended tab by default and were exposed to options that they did not have permissions to operate. With this update, the "DiskProfileUser" role is changed to an end-user type role. Users with end-user type roles now see the Basic tab by default.
Story Points: ---
Clone Of:
: 1284233
Environment:
Last Closed: 2016-03-09 16:06:54 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: SLA
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---




External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
oVirt gerrit | 41834 | master | MERGED | frontend: consider Everyone->diskProfileUser as basic user permission | Never
Red Hat Product Errata | RHEA-2016:0376 | normal | SHIPPED_LIVE | Red Hat Enterprise Virtualization Manager 3.6.0 | 2016-03-09 20:20:52 EST

Description nijin ashok 2015-05-26 22:27:08 EDT
Description of problem:

After upgrading to 3.5.1, "Everyone" is added by default to the permissions of all disk profiles. So every user will have an extra default permission of "DiskProfileUser" inherited from "Everyone". This gives an "extended view" option in the user portal to all users, even users with basic "userrole" permissions. However, every operation in the extended view is denied. For basic VM users, this option is confusing and will expose unintended information, as every piece of information about the VM is visible with an option to edit/remove, although it is denied after the action.

Version-Release number of selected component (if applicable):

rhevm-3.5.1.1-0.1.el6ev.noarch

How reproducible:

100%

Steps to Reproduce:
1. Upgrade the RHEV-M from 3.5.0 to 3.5.1
2. "Everyone" will be added as a default permission for every disk profile, which gives DiskProfileUser permission to all users.


Actual results:

All users will get "DiskProfileUser" permissions, which gives them an "extended view" in the user portal, which is confusing to basic users

Expected results:

DiskProfileUser need not be added by default

Additional info:
Comment 3 Roy Golan 2015-06-01 10:14:17 EDT
Note: we must make sure that after the fix, any new profile is restrictive and not exposed to everyone.

the solution would be then to make the diskUserProfile a user and not admin.
Comment 5 Max Kovgan 2015-06-28 10:12:25 EDT
ovirt-3.6.0-3 release
Comment 6 Ondra Machacek 2015-06-29 09:57:25 EDT
User with 'DiskProfileUser' inherited from everyone group can't now see extended user portal. OK in 3.6.0-3.
Comment 7 Jiri Belka 2015-11-11 08:52:35 EST
This is a clear regression, I see it on 3.5.5 and #2 has a report from a customer. Why hasn't this BZ been merged to 3.5.x?
Comment 13 errata-xmlrpc 2016-03-09 16:06:54 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0376.html
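
The behaviour described in the Doc Text and comments above, modelled as an added example (not oVirt or RHEV-M code): a role granted to the "Everyone" group is inherited by every user, so an admin-type role there switches everyone to the Extended tab, and an audit for such grants catches it. The data model, function names and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

EVERYONE = "Everyone"  # built-in group that every authenticated user belongs to


@dataclass(frozen=True)
class Permission:
    principal: str  # user or group the role is granted to
    role: str
    obj: str        # object the role is granted on


def effective_roles(user, groups, permissions):
    """Roles held directly or through groups; membership in Everyone is implicit."""
    principals = {user, EVERYONE, *groups}
    return {p.role for p in permissions if p.principal in principals}


def portal_view(user, groups, permissions, role_types):
    """Assumed model of the reported behaviour: any admin-type role => Extended tab."""
    roles = effective_roles(user, groups, permissions)
    return "extended" if any(role_types[r] == "admin" for r in roles) else "basic"


def audit_everyone_grants(permissions, role_types):
    """Return (role, object) pairs where an admin-type role is granted to Everyone."""
    return sorted({(p.role, p.obj) for p in permissions
                   if p.principal == EVERYONE and role_types[p.role] == "admin"})


# Constructed sample data, not taken from a real engine database.
PERMISSIONS = [
    Permission("alice", "UserRole", "vm-01"),
    Permission(EVERYONE, "DiskProfileUser", "diskprofile-default"),
]
# Role types before the fix (DiskProfileUser is an admin role) and after it.
ROLE_TYPES_BEFORE = {"UserRole": "user", "DiskProfileUser": "admin"}
ROLE_TYPES_AFTER = {"UserRole": "user", "DiskProfileUser": "user"}

if __name__ == "__main__":
    for label, types in (("before fix", ROLE_TYPES_BEFORE),
                         ("after fix", ROLE_TYPES_AFTER)):
        print(label, portal_view("alice", [], PERMISSIONS, types),
              audit_everyone_grants(PERMISSIONS, types))
```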