Bug 1369219 - UserRole user is unable to enroll all the roles
Summary: UserRole user is unable to enroll all the roles
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: Backend.Core
Version: 4.0.2.7
Hardware: All
OS: All
unspecified
medium vote
Target Milestone: ---
: ---
Assignee: Nobody
QA Contact: Aleksei Slaikovskii
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2016-08-22 17:04 UTC by Lukas Svaty
Modified: 2016-09-01 14:20 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-01 14:20:35 UTC
oVirt Team: Infra
rule-engine: planning_ack?
rule-engine: devel_ack?
lsvaty: testing_ack+



Description Lukas Svaty 2016-08-22 17:04:25 UTC
Description of problem:
When logged in as a non-super-admin user, he can add permissions from all the roles within the system; this should be limited.

Version-Release number of selected component (if applicable):
ovirt-engine-4.0.2.7-0.1.el7ev.noarch

How reproducible:
100%

Steps to Reproduce:
1. add user with ClusterAdmin system permissions
2. log in as user
3. go to dc, add permissions to user2, see dropdown menu
4. go to vm, add permissions to user2, see dropdown menu

Actual results:
All the roles are displayed.

Expected results:
Only relevant roles for ClusterAdmin, and the user should not be able to assign roles such as DataCenterAdmin.

Comment 1 Martin Perina 2016-08-24 05:13:23 UTC
Not sure I understand the issue: only users with admin roles are allowed to log in to webadmin, so it's logical that users with an admin role may see other admin roles.

So where exactly is the issue? And you marked this bug as Regressions, so what exactly changed from 3.6?

Comment 3 Juan Hernández 2016-09-01 13:48:39 UTC
This is a side effect of the fix for bug 1273025:

  userportal: Only assignable roles shown on VM/Template permission tab
  https://gerrit.ovirt.org/47779

Before that fix the roles returned by the backend were the same regardless of the type of user. After that fix the backend returns all the roles for admins, and only the non-admin roles. So I think this change is by design.

Comment 4 Martin Perina 2016-09-01 14:20:35 UTC
Based on BZ1273025 this is intended behaviour

