Bug 1304608 - [RFE] Manager and viewer role do not contain permissions for katello, rex and other plugins actions
[RFE] Manager and viewer role do not contain permissions for katello, rex and...
Status: ON_QA
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Users & Roles (Show other bugs)
6.1.6
All Linux
medium Severity medium (vote)
: GA
: --
Assigned To: Ondřej Pražák
Daniel Lobato Garcia
: FutureFeature, Triaged
: 1279947 1387240 (view as bug list)
Depends On:
Blocks: 260381 1122832 1373844 1479962
  Show dependency treegraph
 
Reported: 2016-02-04 02:19 EST by Komal
Modified: 2017-10-06 13:43 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Manager's view - no content (30.79 KB, image/png)
2017-08-30 04:41 EDT, Daniel Lobato Garcia
no flags Details
Manager permissions 6.3 snap 13 - 1 (78.06 KB, image/png)
2017-08-30 04:42 EDT, Daniel Lobato Garcia
no flags Details
Manager permissions 6.3 snap 13 - 2 (97.60 KB, image/png)
2017-08-30 04:43 EDT, Daniel Lobato Garcia
no flags Details
Manager permissions 6.3 snap 13 - 3 (106.47 KB, image/png)
2017-08-30 04:43 EDT, Daniel Lobato Garcia
no flags Details
Manager permissions 6.3 snap 13 - 4 (78.06 KB, image/png)
2017-08-30 04:44 EDT, Daniel Lobato Garcia
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2122151 None None None 2016-02-04 02:21 EST
Foreman Issue Tracker 17954 None None None 2017-01-06 04:22 EST

  None (edit)
Comment 9 Bryan Kearney 2016-07-08 16:21:10 EDT
Per 6.3 planning, moving out non acked bugs to the backlog
Comment 11 Marek Hulan 2016-12-02 05:34:38 EST
*** Bug 1387240 has been marked as a duplicate of this bug. ***
Comment 12 Marek Hulan 2016-12-02 05:39:01 EST
Updating the subject of the BZ. The root cause is that Manager role does not contain Katello and possibly other plugins permissions. Rex defines it's own manager role but it would be better to have this in shared Manager role too.
Comment 13 Marek Hulan 2016-12-02 05:41:19 EST
Other plugins should be checked too, e.g. Insight,Openscap,Discovery
Comment 14 Marek Hulan 2016-12-02 05:41:38 EST
*** Bug 1279947 has been marked as a duplicate of this bug. ***
Comment 15 Ondřej Pražák 2017-01-04 12:24:59 EST
We will add permissions from plugins to Manager and Viewer + create plugin-specific roles to be consistent across all plugins. I'll go over plugins and start creating tickets.
Comment 16 Ondřej Pražák 2017-01-06 04:22:55 EST
Connecting redmine issue http://projects.theforeman.org/issues/17954 from this bug
Comment 17 pm-sat@redhat.com 2017-01-10 10:16:17 EST
Upstream bug assigned to oprazak@redhat.com
Comment 22 Daniel Lobato Garcia 2017-08-30 04:40:22 EDT
Failed verification.

Version tested - Satelite 6.3 snap 13.

The mechanisms to add roles to Manager are in place, and some plugins have added their own permissions to Manager. As you can see in the screenshots, Remote Execution, Discovery, OpenSCAP, etc.. permissions are available on the Manager.

However no Content permissions other than permissions of Content hosts have been added to Manager. This causes users with the Manager role to not be able to add products, sync content views, etc... as requested in the 1st comment of the BZ. 

I would say this is probably a candidate for a blocker of 6.3.
Comment 23 Daniel Lobato Garcia 2017-08-30 04:41 EDT
Created attachment 1319935 [details]
Manager's view - no content
Comment 24 Daniel Lobato Garcia 2017-08-30 04:42 EDT
Created attachment 1319936 [details]
Manager permissions 6.3 snap 13 - 1
Comment 25 Daniel Lobato Garcia 2017-08-30 04:43 EDT
Created attachment 1319937 [details]
Manager permissions 6.3 snap 13 - 2
Comment 26 Daniel Lobato Garcia 2017-08-30 04:43 EDT
Created attachment 1319938 [details]
Manager permissions 6.3 snap 13 - 3
Comment 27 Daniel Lobato Garcia 2017-08-30 04:44 EDT
Created attachment 1319939 [details]
Manager permissions 6.3 snap 13 - 4
Comment 28 Daniel Lobato Garcia 2017-08-30 04:46:03 EDT
Set this as 6.3 blocker to ensure we don't ship 6.3 without a Manager role that can't manage Content.
Comment 29 Marek Hulan 2017-08-30 06:51:32 EDT
Daniel, this is already tracked under BZ 1473212. If you can see all the other permissions, I think this could be considered verified. If you prefer to verify it here as well, I suggest you remove FailedQA and move it to POST with fixed_in_version set to Katello 3.4.5.

The only plugin I'm aware of that is not yet released with the patch is foreman_bootdisk. The last released version 9.0.0 does not contain the patch, it's in master only.
Comment 30 pm-sat@redhat.com 2017-08-31 04:16:54 EDT
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/17954 has been resolved.
Comment 31 Eric Helms 2017-09-13 21:29:01 EDT
Daniel,

Please advise how you'd like this BZ to be treated so I can either move it to ON_DEV now or push it back to ASSIGNED.
Comment 32 Daniel Lobato Garcia 2017-10-02 05:15:39 EDT
ON_DEV, as https://bugzilla.redhat.com/show_bug.cgi?id=1473212 shows it was fixed on Snap 14 https://github.com/Katello/katello/pull/6703.

Note You need to log in before you can comment on or make changes to this bug.