Red Hat Bugzilla – Bug 1290732
[RFE] Allow a user to be part of different groups
Last modified: 2017-08-28 11:04:12 EDT
Description of problem:
When creating a user, it can only belong to a single project, however, a user should belong to different projects as he won't possible work in a single organization/project
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a tenant with a two projects
2. Create a group
3. Add a user to the group
The user can only be part of one group -> one tenant
As an administrator, I want to associate users to different projects, as the user will likely be part of several of them (i.e. demos + infrastructure + development), without the need of creating different users.
The user should be part of different projects. Tenants can be associated to one user, but projects should be added to the profile so a user can choose project (taht should be reflected in the GUI).
Something like Unix groups should be better: having a principal group and then a secondary groups, being able to choose which one is used each time trough a visual clue in the Patternfly utility links space
With the current definition, a project has no further value than a tenant. With this RFE, a tenant would split resources, and a project would be an administrative way of associating resources, creating quotas, associating specific automatic controls, etc.
This could aslo include the following feature:
- A user can be part of Department A/B/C.
- User in all departments can change things in development
- Only users of department C can change things in production.
For instance, only ops can start and stop a machine, and visibility for other groups should be restricted.
RBAC then should allow:
- A customer to be part of different groups, so a group can give read access to production, and another full access to production and development.
- Buttons and dialogues should be adapted to it.
- Visibility and RBAC are related but not linked. A user can see the same VM than another and not being able to update it
This bug has been open for more than a year and is assigned to an older release of CloudForms.
If you would like to keep this Bugzilla open and if the issue is still present in the latest version of the product, please file a new Bugzilla which will be added and assigned to the latest release of CloudForms.