Bug 1290732 - [RFE] Allow a user to be part of different groups
[RFE] Allow a user to be part of different groups
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: GA
: cfme-future
Assigned To: John Hardy
Dave Johnson
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2015-12-11 04:20 EST by Sergio Ocon
Modified: 2017-08-28 11:04 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-08-28 11:04:12 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Sergio Ocon 2015-12-11 04:20:26 EST
Description of problem:
When creating a user, it can only belong to a single project, however, a user should belong to different projects as he won't possible work in a single organization/project

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create a tenant with a two projects
2. Create a group
3. Add a user to the group

Actual results:
The user can only be part of one group -> one tenant

Expected results:
As an administrator, I want to associate users to different projects, as the user will likely be part of several of them (i.e. demos + infrastructure + development), without the need of creating different users.
The user should be part of different projects. Tenants can be associated to one user, but projects should be added to the profile so a user can choose project (taht should be reflected in the GUI).
Something like Unix groups should be better: having a principal group and then a secondary groups, being able to choose which one is used each time trough a visual clue in the Patternfly utility links space

Additional info:
With the current definition, a project has no further value than a tenant. With this RFE, a tenant would split resources, and a project would be an administrative way of associating resources, creating quotas, associating specific automatic controls, etc.
Comment 2 Sergio Ocon 2016-05-09 09:40:33 EDT
This could aslo include the following feature:

- A user can be part of Department A/B/C.
- User in all departments can change things in development
- Only users of department C can change things in production.

For instance, only ops can start and stop a machine, and visibility for other groups should be restricted.

RBAC then should allow:
- A customer to be part of different groups, so a group can give read access to production, and another full access to production and development.
- Buttons and dialogues should be adapted to it.
- Visibility and RBAC are related but not linked. A user can see the same VM than another and not being able to update it
Comment 5 Chris Pelland 2017-08-28 11:04:12 EDT
This bug has been open for more than a year and is assigned to an older release of CloudForms. 
If you would like to keep this Bugzilla open and if the issue is still present in the latest version of the product, please file a new Bugzilla which will be added and assigned to the latest release of CloudForms.

Note You need to log in before you can comment on or make changes to this bug.