Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
DescriptionAndrew Schofield
2015-12-22 19:45:48 UTC
Description of problem:
When a user has the 'create_hosts' permission then there are no controls to limit what Location, Host Group, Lifecycle Environment, Content View that the user can create the host in.
Version-Release number of selected component (if applicable):
6.1.5
How reproducible:
Create a user, assign to a role. Give the following roles
access_dashboard
assign_organizations, view_organizations
assign_locations, view_locations
edit_products, view_products name = P_GIRAFFE
promote_or_remove_content_views, view_content_views, publish_content_views name = CCV_CSL3.1_GIRAFFE or name = CV_GIRAFFE
promote_or_remove_content_views_to_environments, view_lifecycle_environments name = ENG
create_hosts, view_hosts hostgroup_fullname = HG_Capsule
Notice in the New Host as this user you can view ALL Host Groups, ALL Lifecycle Environments, ALL Content View's etc and initiate the build of a host.
Actual results:
Host is created by in host groups, lifecycle environments we have tried to limit.
Expected results:
Host creation to only show resources that the user has access too.
Additional info:
Please help us to understand the affected user's context:
1. is the affected user logged into a specific organization context (vs. any context)
2. Has the user been constrained to only view specific location?
1. The user is assigned to a organization (we only have one org configured) and is a member of that organization when attempting to create a host.
2. Yes. The user is assigned and constrained to a location.
Checked in Satellite 6.3 snap 5, the host creation dialog is correctly limited by user's privileges, with the exception of Lifecycle environments.
Having a role with permissions:
promote_or_remove_content_views_to_environments, view_lifecycle_environments
and search fitler as:
name = testenv
(see screenshot1)
This doesn't prevent the user from seeing all available lifecycle environments when creating a host as well as at the Contnet > Lifecycle Environment page.(see screenshot2)
Verified in satellite-6.3.0-21.0.beta.el7sat.noarch, create host dialog has options correctly limited according to permissions including lc environments
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2018:0336