Red Hat Bugzilla – Bug 1304608
[RFE] Manager and viewer role do not contain permissions for katello, rex and other plugins actions
Last modified: 2018-02-21 07:33:41 EST
Per 6.3 planning, moving out non acked bugs to the backlog
*** Bug 1387240 has been marked as a duplicate of this bug. ***
Updating the subject of the BZ. The root cause is that the Manager role does not contain Katello and possibly other plugins' permissions. Rex defines its own manager role but it would be better to have this in the shared Manager role too.
Other plugins should be checked too, e.g. Insight, Openscap, Discovery
*** Bug 1279947 has been marked as a duplicate of this bug. ***
We will add permissions from plugins to Manager and Viewer + create plugin-specific roles to be consistent across all plugins. I'll go over plugins and start creating tickets.
Connecting redmine issue http://projects.theforeman.org/issues/17954 from this bug
Upstream bug assigned to email@example.com
Version tested - Satellite 6.3 snap 13.
The mechanisms to add roles to Manager are in place, and some plugins have added their own permissions to Manager. As you can see in the screenshots, Remote Execution, Discovery, OpenSCAP, etc. permissions are available on the Manager.
However, no Content permissions other than permissions of Content hosts have been added to Manager. This causes users with the Manager role to not be able to add products, sync content views, etc., as requested in the 1st comment of the BZ.
I would say this is probably a candidate for a blocker of 6.3.
Created attachment 1319935: Manager's view - no content
Created attachment 1319936: Manager permissions 6.3 snap 13 - 1
Created attachment 1319937: Manager permissions 6.3 snap 13 - 2
Created attachment 1319938: Manager permissions 6.3 snap 13 - 3
Created attachment 1319939: Manager permissions 6.3 snap 13 - 4
Set this as 6.3 blocker to ensure we don't ship 6.3 without a Manager role that can't manage Content.
Daniel, this is already tracked under BZ 1473212. If you can see all the other permissions, I think this could be considered verified. If you prefer to verify it here as well, I suggest you remove FailedQA and move it to POST with fixed_in_version set to Katello 3.4.5.
The only plugin I'm aware of that is not yet released with the patch is foreman_bootdisk. The last released version 9.0.0 does not contain the patch, it's in master only.
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/17954 has been resolved.
Please advise how you'd like this BZ to be treated so I can either move it to ON_DEV now or push it back to ASSIGNED.
ON_DEV, as https://bugzilla.redhat.com/show_bug.cgi?id=1473212 shows it was fixed on Snap 14 https://github.com/Katello/katello/pull/6703.
I was able to create a user with Manager Role and access Content on Satellite 6.3 snap 34. Thus I am moving this to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.