Red Hat Bugzilla – Bug 1302431
partial inventory when using sub-tenant
Last modified: 2016-11-29 04:25:20 EST
Description of problem:
User that belongs to a group with no filtering and a sub-tenant is only able to see Clusters, Hosts, Resource Pools & Datastores
sub-tenant does not have access to Providers, virtual machines or templates.
Version-Release number of selected component (if applicable): 5.5.0
Steps to Reproduce:
Assigning to add test case
Josh, the visibility rules per class is found here:
Can you clarify exactly what setup you have in terms of a tree what objects you have, providers/ems/vm/templates and what tenant/group they belong to?
A sub-tenant should only be able to see "ExtManagementSystem", "MiqAeNamespace", "MiqTemplate", "Provider", "ServiceTemplateCatalog", "ServiceTemplate", etc. (the keys with a value of :ancestor_ids).
Of course, the sub-tenant will of course see all of it's own things, but above is for the class of objects owned by a parent tenant that are visible from the child tenant.
Please retest with 5.5.2. There was a fix made to address visibility of templates owned by the parent tenant. Users should be able to see the templates owned by the current tenant and parent tenants only. But, see VMs owned by current tenant and child tenants only.