This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1297738 - EVERYONE user is added twice when creating a new disks profile
EVERYONE user is added twice when creating a new disks profile
Status: NEW
Product: ovirt-engine
Classification: oVirt
Component: BLL.Storage (Show other bugs)
3.6.2.1
Unspecified Unspecified
unspecified Severity low (vote)
: ovirt-4.3.0
: ---
Assigned To: Martin Sivák
meital avital
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-12 05:54 EST by Roman Mohr
Modified: 2017-07-26 04:38 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: SLA
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
dfediuck: ovirt‑4.2?
dfediuck: ovirt‑4.3?
mgoldboi: exception+
mgoldboi: planning_ack+
dfediuck: devel_ack?
mavital: testing_ack+


Attachments (Terms of Use)
diks profile permission screenshot (133.38 KB, image/png)
2016-01-12 05:54 EST, Roman Mohr
no flags Details

  None (edit)
Description Roman Mohr 2016-01-12 05:54:22 EST
Created attachment 1113906 [details]
diks profile permission screenshot

Description of problem:
EVERYONE user is assigned two times to a new disk profile


Version-Release number of selected component (if applicable):


How reproducible:
Create a disk profile and check it's permissions by clicking on it (see attached screenshot)


Steps to Reproduce:
1. Create an additional disk profile
2. Click on it in Storage->Disk Profiles->'profile name'
3. Look at the permissions

Actual results:
EVERYONE user is visible two times

Expected results:
EVERYONE user should only be there once

Additional info:
Comment 1 Roman Mohr 2016-01-13 10:09:57 EST
So the default profile currently gets:

user admin and role Superuser
user EVERYONE with role DiskProfileEditor

Every new profile gets

user admin and role Superuser
user EVERYONE with role DiskProfileEditor
user EVERYONE with role DiskProfileUser

It might be more correct to have these permissions on the default policy:

user admin and role Superuser
user <CREATOR> with role DiskProfileEditor
user EVERYONE with role DiskProfileUser

New profiles should have:
user admin and role Superuser
user <CREATOR> with role DiskProfileEditor

to make it an explicit decision if new profiles should be available for everyone.
Comment 2 Doron Fediuck 2016-01-19 09:03:48 EST
Roman note that not every user is a creator.
For example if I'm an end user (student), I may not be able to create a (disk, vNIC, VM), but I should still be able to consume one or more profiles based on
my permissions (including any LDAP group I belong to).

Note You need to log in before you can comment on or make changes to this bug.