Red Hat Bugzilla – Bug 1258512
RBAC: Group context switching affecting provisioning best-fit placement, quota and group ownership
Last modified: 2015-10-22 10:33:15 EDT
MR merged http://gitlab.cloudforms.lab.eng.rdu2.redhat.com/cloudforms/cfme/merge_requests/267
Hello Aziza or Jeff,
This is tricky to test, since our UI currently does not allow us to assign multiple groups to a user. This tends to be an LDAP only feature.
But if you do not have LDAP available, then you can modify a user in rails console:
u = User.first
g1 = MiqGroup.first
g2 = MiqGroup.last
u.update_attributes(:current_group => g1, :miq_groups => [g1, g2])
In the UI, the upper right corner should give you the ability to change a user's group. This will change the current_group value in the user's record in the database.
If the UI does not have a drop down, try logging out and back in again.
Let me know if this helps you.
I think I got it all correct. We can double check on https://10.8.59.221/miq_request/show_list
I setup the environment as described. Starting with a group that allowed me to provision a VM, I started a provision request.
Immediately I toggled "Change Group ->" to the group that does not allow the user to provision on that host. This had no impact on the request and the VM was created as requested. User is jteehan/smartvm
It should be noted that upon completion, the user did not have access to that VM until switched back to a Group which did allow access.
All the requests and logs will be preserved on the above VM until 5.4.3 is officially released. I'll leave this in ON_QA for a bit should anyone which to comment.
This is still working per the instructions. Moving to Verified. Will also need to check in 5.5 for the cloned bug.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.