Created attachment 1136564 [details] role_filters Description of problem: Defined a Role which allows user to Edit host information (organization, host group, etc...). On "Parameters" tab, the user cannot edit or add parameter, but he can Remove Host parameters. Version-Release number of selected component (if applicable): Satellite 6.1.7 How reproducible: 100% Steps to Reproduce: 1. Defined a Role which allows user to Edit host information (organization, host group, etc...). 2. Go to a host and go to the "Parameters" tab, the user cannot edit or add parameter, but he can Remove Host parameters. Actual results: Able to remove a parameter from a host. Expected results: Deny removing parameter and remove the "Remove parameter" button from the page Additional info:
Created attachment 1136565 [details] host_parameters
I can't reproduce on 6.2.0, you need a filter for resource Parameter and a permission called "destroy_params" to see the cross next to remove.
Comment #5 confirmed on satellite-6.2.3-1.0, not possible to delete, however I wonder why display the "remove" string (see attachment) if it can't do anything? I suppose empty space under Actions would be more user-friendly.
Created attachment 1208875 [details] host_parameters_postfix
Peter, we tend to display actions that are not allowed so it's less confusing for user why sometimes see the link and sometimes now (e.g. if in one table they can see 2 params but can only delete one of them because of granular filter). If user does not have destroy permission for any parameter, the "destroy" is hidden for all of them. In this case it might be more confusing so if you feel this is a bug, we can probably hide it completely. Since this is already ON_QA, I'd suggest reporting a new BZ for that.
OK, if this is a policy and not some forgotten element, than be it. Moving to verified as per comment 6.
We have helpers for both, so it's a matter of specific page really.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:2108