Bug 1274722 - Tenant admin has permissions to create new tenant outside tenant where he belongs to
Tenant admin has permissions to create new tenant outside tenant where he bel...
Status: NEW
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS (Show other bugs)
5.5.0
Unspecified Unspecified
unspecified Severity medium
: GA
: cfme-future
Assigned To: Dan Clarizio
Pavol Kotvan
tenant_cfme:rbac
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-23 08:50 EDT by Pavol Kotvan
Modified: 2017-08-14 01:30 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: Bug
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Pavol Kotvan 2015-10-23 08:50:28 EDT
Description of problem:
Tenant administrator can create tenant outside tenant where he belongs to. This is not right, he must have admin rights within his tenant only.

Version-Release number of selected component (if applicable):
5.5.0.6-beta1.2.20151014155446_ed40d96 

How reproducible:
always

Steps to Reproduce:
1. Create new tenant
2. Create new tenant admin role by copying EvmRole-tenant_administrator role
3. Create new tenant admin group and assign tenant and role created in previous steps
4. Create tenant admin and assign him just created group
5. Login as tenant admin and Navigate to Configuration -> Access control -> Tenants -> My company -> Configuration -> Add child tenant to this tenant

Actual results:
Tenant admin is able to create another tenant outside of tenant where he is administrator.

Expected results:
Tenant admin is able to create new child tenant only in tenants where he belongs.

Additional info:
Comment 2 Dave Johnson 2015-11-06 17:11:37 EST
Brad, can you weigh here on if this is valid and what the priority should be set too, thx!

Note You need to log in before you can comment on or make changes to this bug.