Red Hat Bugzilla – Bug 1274722
Tenant admin has permissions to create new tenant outside tenant where he belongs to
Last modified: 2017-08-14 01:30:21 EDT
Description of problem:
Tenant administrator can create tenant outside tenant where he belongs to. This is not right, he must have admin rights within his tenant only.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create new tenant
2. Create new tenant admin role by copying EvmRole-tenant_administrator role
3. Create new tenant admin group and assign tenant and role created in previous steps
4. Create tenant admin and assign him just created group
5. Login as tenant admin and Navigate to Configuration -> Access control -> Tenants -> My company -> Configuration -> Add child tenant to this tenant
Tenant admin is able to create another tenant outside of tenant where he is administrator.
Tenant admin is able to create new child tenant only in tenants where he belongs.
Brad, can you weigh here on if this is valid and what the priority should be set too, thx!