Bug 1290732 - [RFE] Allow a user to be part of different groups
Summary: [RFE] Allow a user to be part of different groups
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.5.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: GA
: cfme-future
Assignee: John Hardy
QA Contact: Dave Johnson
URL:
Whiteboard: ui:tenant_cfme
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-12-11 09:20 UTC by Sergio Ocón-Cárdenas
Modified: 2017-08-28 15:04 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-28 15:04:12 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Sergio Ocón-Cárdenas 2015-12-11 09:20:26 UTC
Description of problem:
When creating a user, it can only belong to a single project, however, a user should belong to different projects as he won't possible work in a single organization/project

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Create a tenant with a two projects
2. Create a group
3. Add a user to the group

Actual results:
The user can only be part of one group -> one tenant

Expected results:
As an administrator, I want to associate users to different projects, as the user will likely be part of several of them (i.e. demos + infrastructure + development), without the need of creating different users.
The user should be part of different projects. Tenants can be associated to one user, but projects should be added to the profile so a user can choose project (taht should be reflected in the GUI).
Something like Unix groups should be better: having a principal group and then a secondary groups, being able to choose which one is used each time trough a visual clue in the Patternfly utility links space

Additional info:
With the current definition, a project has no further value than a tenant. With this RFE, a tenant would split resources, and a project would be an administrative way of associating resources, creating quotas, associating specific automatic controls, etc.

Comment 2 Sergio Ocón-Cárdenas 2016-05-09 13:40:33 UTC
This could aslo include the following feature:

- A user can be part of Department A/B/C.
- User in all departments can change things in development
- Only users of department C can change things in production.

For instance, only ops can start and stop a machine, and visibility for other groups should be restricted.

RBAC then should allow:
- A customer to be part of different groups, so a group can give read access to production, and another full access to production and development.
- Buttons and dialogues should be adapted to it.
- Visibility and RBAC are related but not linked. A user can see the same VM than another and not being able to update it

Comment 5 Chris Pelland 2017-08-28 15:04:12 UTC
This bug has been open for more than a year and is assigned to an older release of CloudForms. 
If you would like to keep this Bugzilla open and if the issue is still present in the latest version of the product, please file a new Bugzilla which will be added and assigned to the latest release of CloudForms.


Note You need to log in before you can comment on or make changes to this bug.