Red Hat Bugzilla – Bug 1235541
OpenStack tenant visibility not limited by tag
Last modified: 2015-12-08 08:19:01 EST
Description of problem: Users with "View" capabilities of tenants, can see all tenants, even if they are not tagged and the user is limited to some tags Version-Release number of selected component (if applicable): CF3.2 How reproducible: Create a user with limited tag visibility and tenant view permissions, attach to an openstack provider, do not tag any tenant and the user will see all tenants. Steps to Reproduce: 1. Create a user with limited tag visibility and tenant view permissions 2. Attach CF to an openstack provider 3. Do not tag any tenant with the visibility tag for the user Actual results: The user can see all tenants Expected results: The user only can see the tenants tagged with his visibility tag value Additional info: Attached screenshots
Dan - This ticket is focusing on applying RBAC to the UI screens. There is a similar issue for the provisioning dialogs and I opened Bug 1248181 to address that issue.
Just a note, I noticed this on other places too, e.g. stacks, flavors. So might be wider issue. Also I noticed that if I assign tag to a certain image, I can see it in image list. But when I want to provision Instance, the image list there is empty, so I can't provision.
https://github.com/ManageIQ/manageiq/pull/3691
*** Bug 1250232 has been marked as a duplicate of this bug. ***
New commit detected on manageiq/master: https://github.com/ManageIQ/manageiq/commit/d3d68c925879d081d3844fef20b045670c13cf81 commit d3d68c925879d081d3844fef20b045670c13cf81 Author: Harpreet Kataria <hkataria@redhat.com> AuthorDate: Mon Aug 3 09:29:16 2015 -0400 Commit: Harpreet Kataria <hkataria@redhat.com> CommitDate: Mon Aug 3 09:29:16 2015 -0400 Added missing classes to CLASSES_THAT_PARTICIPATE_IN_RBAC list https://bugzilla.redhat.com/show_bug.cgi?id=1235541 app/models/rbac.rb | 7 +++++++ 1 file changed, 7 insertions(+)
New commit detected on cfme/5.4.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=41a45cf7d41ce0fb8e7094996ea5e5418315001c commit 41a45cf7d41ce0fb8e7094996ea5e5418315001c Author: Harpreet Kataria <hkataria@redhat.com> AuthorDate: Wed Aug 5 09:21:32 2015 -0400 Commit: Harpreet Kataria <hkataria@redhat.com> CommitDate: Wed Aug 5 09:21:32 2015 -0400 Added missing classes to CLASSES_THAT_PARTICIPATE_IN_RBAC list https://bugzilla.redhat.com/show_bug.cgi?id=1235541 https://bugzilla.redhat.com/show_bug.cgi?id=1245682 vmdb/app/models/rbac.rb | 7 +++++++ 1 file changed, 7 insertions(+)
New commit detected on cfme/5.4.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=11d5ec0be786e910fffdedee3ad9d31a0e700458 commit 11d5ec0be786e910fffdedee3ad9d31a0e700458 Merge: 8522494 41a45cf Author: Dan Clarizio <dclarizi@redhat.com> AuthorDate: Thu Aug 6 13:36:21 2015 -0400 Commit: Dan Clarizio <dclarizi@redhat.com> CommitDate: Thu Aug 6 13:36:21 2015 -0400 Merge branch '54z_bz_1245682' into '5.4.z' Added missing classes to CLASSES_THAT_PARTICIPATE_IN_RBAC list https://bugzilla.redhat.com/show_bug.cgi?id=1235541 https://bugzilla.redhat.com/show_bug.cgi?id=1245682 @dclarizio please review/merge, clean patch was applied. Original PR: https://github.com/ManageIQ/manageiq/pull/3691 See merge request !211 vmdb/app/models/rbac.rb | 7 +++++++ 1 file changed, 7 insertions(+)
See BZ 1245682
Verified in 5.5.0.7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:2551