Here are the details of the MR for the 5.5.2.3 build: New commit detected on cfme/5.5.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=35fd2d3d6403493a8411c7250944007a6586ab9b commit 35fd2d3d6403493a8411c7250944007a6586ab9b Author: Keenan Brock <kbrock> AuthorDate: Tue Jan 26 11:09:31 2016 -0500 Commit: Greg McCullough <gmccullo> CommitDate: Tue Jan 26 18:29:49 2016 -0500 FIX: Approve Vm provisioning in UI https://bugzilla.redhat.com/show_bug.cgi?id=1301631 The workflow requester is set to the current_user. The group context for the request was then being set in the the current_user, corrupting it. Changes: 1. MiqRequestWorkflow#requester = MiqRequest#requester so the correct dialogs will be displayed. 2. Requester is cloned before setting the group as a precaution. This assumes the viewer and administrator can see the resources that the requester has access to view as well. app/controllers/application_controller/miq_request_methods.rb | 2 +- app/models/miq_request_workflow.rb | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-)
What is the correct way to create a role without approve rights?
Pete, I think a self service user does not have approval rights. The bug is when an admin (with privs and many groups) views a request, the admin is moved into the group of the user who created the request. So privileges go away, since the buttons are based upon the user's group in the view. Kevin Morey created the ticket and may be able to help you reproduce.
Using admin user, I created a provision request for 3 vms, which does not get automatic approval because gt 1, then I was able to approve it. Also tried deny without issue. Good to go.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:0159