Bug 1258512 - RBAC: Group context switching affecting provisioning best-fit placement, quota and group ownership
RBAC: Group context switching affecting provisioning best-fit placement, quot...
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Automate (Show other bugs)
All All
high Severity medium
: GA
: 5.4.3
Assigned To: Keenan Brock
Jeff Teehan
: ZStream
Depends On: 1187777
  Show dependency treegraph
Reported: 2015-08-31 10:19 EDT by Chris Pelland
Modified: 2015-10-22 10:33 EDT (History)
14 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1187777
Last Closed: 2015-10-22 10:33:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 3 Keenan Brock 2015-10-12 11:04:19 EDT
Hello Aziza or Jeff,

This is tricky to test, since our UI currently does not allow us to assign multiple groups to a user. This tends to be an LDAP only feature.

But if you do not have LDAP available, then you can modify a user in rails console:

u = User.first
g1 = MiqGroup.first
g2 = MiqGroup.last
u.update_attributes(:current_group => g1, :miq_groups => [g1, g2])

In the UI, the upper right corner should give you the ability to change a user's group. This will change the current_group value in the user's record in the database.

If the UI does not have a drop down, try logging out and back in again.

Let me know if this helps you.
Comment 4 Jeff Teehan 2015-10-12 14:28:44 EDT
I think I got it all correct.  We can double check on

I setup the environment as described.  Starting with a group that allowed me to provision a VM, I started a provision request.

Immediately I toggled "Change Group ->" to the group that does not allow the user to provision on that host.  This had no impact on the request and the VM was created as requested.  User is jteehan/smartvm

It should be noted that upon completion, the user did not have access to that VM until switched back to a Group which did allow access.

All the requests and logs will be preserved on the above VM until 5.4.3 is officially released.  I'll leave this in ON_QA for a bit should anyone which to comment.
Comment 5 Jeff Teehan 2015-10-19 12:09:50 EDT
This is still working per the instructions.  Moving to Verified.  Will also need to check in 5.5 for the cloned bug.
Comment 7 errata-xmlrpc 2015-10-22 10:33:15 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.