Description of problem: When user doesn't have permissions to login, he will get created session anyway. Version-Release number of selected component (if applicable): 4.0 How reproducible: always Steps to Reproduce: 1. Add some external user and don't assign him any permission 2. Login as this user Actual results: Session is created and you have to logout Expected results: Session isn't created Additional info:
The entire "permission to login" concept should be modified. User login into the "entire" ovirt application, only when accessing a specific service security check is performed. A user can actually login into the "Welcome" service, should not have any special permissions to do so.
As Alon mentioned, this should be close as not a bug. The user can authenticate himself with SSO using the user name and correct password but does not have access to any of the services. When the user tries to access the service an appropriate message is displayed indicating that the user is not authorized to perform the action.