Description of problem: User/Group drop down does not display the values Version-Release number of selected component (if applicable): 5.6.0.4-beta2.3.20160421172650_719e256 How reproducible: 100% Steps to Reproduce: 1. Create a new role (with all the modules enabled) 2. Create new group and assign the above created role 3. Create new user with above group 4. Login as new user. Navigate to Compute ==> Infrastructure ==> Virtual Machines ==> Choose a virtual machine (or) Compute ==> Clouds ==> Instances ==> choose an Instance 5. From Configuration ==> Set Ownership 6. Observe the drop down values for "Select an Owner" and "Select a Group" Actual results: Drop down values are not displayed apart from the user himself or user's group in the respective drop down. Refer the screenshot for more details. Expected results: Should display all the available users and groups in their respective drop down Note: Works fine with admin user Additional info:
Created attachment 1150340 [details] user drop down
Created attachment 1150341 [details] group drop down
https://github.com/ManageIQ/manageiq/pull/8501
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/63c14d77b04d7622c4fcc96bb2eabe9f0bef7909 commit 63c14d77b04d7622c4fcc96bb2eabe9f0bef7909 Author: lpichler <lpichler> AuthorDate: Fri May 6 13:45:32 2016 +0200 Commit: lpichler <lpichler> CommitDate: Wed May 18 09:40:13 2016 +0200 Use descendants strategies for User and MiqGroup affects lists in set ownership screen and list in Access Control https://bugzilla.redhat.com/show_bug.cgi?id=1330022 .../application_controller/ci_processing.rb | 4 ++-- app/models/rbac.rb | 2 ++ app/models/user.rb | 20 ++++++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-)
https://github.com/ManageIQ/manageiq/pull/8501 we are now using descendant tenant's strategy. so: For the Users drop down, we are displaying show all users in the tenant that the user belongs to as well as the users in the tenants below. For the Groups drop down, we are displaying show all groups that are associated with the tenant that the user belongs to as well as the groups associated with the tenants below. For admin users we are displaying all users and groups.
Hi Libor, I understand the functionality based on comment#8. But, I see some different behavior with and without role restriction for the user/group drop down. Request you kind inputs in understanding the functionality correctly. Let me explain my testing scenario: =================================== Create the following: Roles: ====== 1. role-1 with no "VM & Template Access Restriction" 2. role-2 with "VM & Template Access Restriction" as "only User Owned" 3. role-3 with "VM & Template Access Restriction" as "Only User or Group Owned" Groups:(Assign all the groups to the same tenant say "My Tenanat") ================================================================== 1. group-1, assign role-1 2. group-2, assign role-2 3. group-3, assign role-3 Users: ====== 1. user-1, assign to group-1 2. user-11, assign to group-1 3. user-2, assign to group-2 4. user-22, assign to group-2 5. user-3, assign to group-3 6. user-33, assign to group-3 Scenario-1: (Working fine as per the new implementation described in comment#8) =============================================================================== login as any user, navigate to Infrastructure Virtual Machines or Cloud Instance. Choose a vm/instance ==> Configuration ==> Set Ownership Result ==> all the users and groups are listed as there is no restriction on the role, which is working fine as per the new implementation Not clear with the below scenario behaviors, need clarification here Scenario-2: =========== 1. As admin, assign a vm or instance to user2 2. Login as user2, only the assigned vm/instance is displayed 3. Choose the vm/instance ==> Configuration ==> Set Ownership 4. Check for the user/group drop down Result ==> only the current user and group he belongs to is displayed (i.e., user-2 & group-2 is displayed) Scenario-3: =========== 1. As Admin, assign a vm or instance to user3 and group3 2. Login as user3 or user33, both of them should be able to see the vm/instance 3. Choose the vm/instance ==> Configuration ==> Set Ownership 4. Check for the user/group drop down Result ==> only the current user and group he belongs to is displayed (i.e., for user 3 ==> user-3 & group-3 is displayed, for user 3 ==> user-33 & group-3 is displayed) So, my question is for Scenario-2 and Scenario-3 Question-1: =========== Why other users belonging to the same group & tenant is not displayed? Reason, being user2 is not able change the ownership to another user who belongs to the same group i.e., user 22. Secondly he is not able to set ownership to another group which belongs to same tenant (which means, user 2 should be able to set ownership to group-1, group-2, group-3) Question-2: =========== As users belonging to group-2 and group-3 will not be able to set ownership to any other user or group, then what is the point of enabling "set ownership" option at all for these groups(this question is the extension for Question-1) Request your valid input here to understand the functionality correctly and deeply. Correct me if I am wrong in understanding this functionality Thanks, Ramesh
Tested in 5.6.0.8-rc1.20160524155303_f2a5a50
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1348
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days