Description of problem: - There is a Pool of VMs - A permission (UserRole) is added to a group (LDAP) Users from group can login, but cannot not attach to VMs. Version-Release number of selected component (if applicable): ovirt-engine-4.0.4.4-0.1.el7ev.noarch How reproducible: 100% Steps to Reproduce: 1. Create a Pool of VMs 2. Permissions -> Add - > Group -> GO -> Select -> OK 3. Use a user from the Group to login to User Portal (fine) 4. User sees the VM 5. User fails to start the VM (AttachUserToVmFromPoolAndRunCommand fails because user is missing from 'users' table) Actual results: User fails to start VM Expected results: User is able to start VM Additional info: 2016-10-26 23:02:26,767 INFO [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-15) [] User XXX successfully logged in with scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=token:password-access 2016-10-26 23:02:26,872 INFO [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-24) [2912b9e9] Running command: CreateUserSessionCommand internal: false. 2016-10-26 23:02:27,927 INFO [org.ovirt.engine.docs.utils.servlet.ContextSensitiveHelpMappingServlet] (default task-25) [] Successfully read CSH mapping file '/usr/share/doc/rhevm-doc/manual/en-US/csh.conf.d/userportal/10-userportal-en-US.json' 2016-10-26 23:02:30,481 INFO [org.ovirt.engine.core.bll.AttachUserToVmFromPoolAndRunCommand] (default task-21) [79c686db] Lock Acquired to object 'EngineLock:{exclusiveLocks='[00000000-0000-0000-0000-000000000000=<USER_VM_POOL, ACTION_TYPE_FAILED_OBJECT_LOCKED>]', sharedLocks='null'}' 2016-10-26 23:02:30,698 INFO [org.ovirt.engine.core.bll.AttachUserToVmFromPoolAndRunCommand] (default task-21) [79c686db] Running command: AttachUserToVmFromPoolAndRunCommand internal: false. Entities affected : ID: ff07cd4c-ffef-45f3-8915-e41ae54f76c5 Type: VmPoolAction group VM_POOL_BASIC_OPERATIONS with role type USER 2016-10-26 23:02:30,749 WARN [org.ovirt.engine.core.bll.AddPermissionCommand] (default task-21) [73c20662] Validation of action 'AddPermission' failed for user XXX. Reasons: USER_MUST_EXIST_IN_DB 2016-10-26 23:02:30,905 INFO [org.ovirt.engine.core.bll.AttachUserToVmFromPoolAndRunCommand] (default task-21) [73c20662] Failed to give user '00000000-0000-0000-0000-000000000000' permission to Vm 'cd267c39-8cd1-444b-9ddb-563e4b20e8b1' 2016-10-26 23:02:31,214 ERROR [org.ovirt.engine.core.bll.AttachUserToVmFromPoolAndRunCommand] (default task-21) [73c20662] Transaction rolled-back for command 'org.ovirt.engine.core.bll.AttachUserToVmFromPoolAndRunCommand'. 2016-10-26 23:02:31,295 ERROR [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-21) [73c20662] Correlation ID: 79c686db, Job ID: b8ab2982-d3e7-41af-9c1d-59b23ecc190f, Call Stack: null, Custom Event ID: -1, Message: Failed to attach User <UNKNOWN> to VM from VM Pool CentOS6-Pool (User: XXX). 2016-10-26 23:02:31,362 INFO [org.ovirt.engine.core.bll.AttachUserToVmFromPoolAndRunCommand] (default task-21) [73c20662] Lock freed to object 'EngineLock:{exclusiveLocks='[00000000-0000-0000-0000-000000000000=<USER_VM_POOL, ACTION_TYPE_FAILED_OBJECT_LOCKED>]', sharedLocks='null'}' User XXX belongs to group ipausers, which has UserRole permissions in this Pool. From what I can see, when that XXX users logs in for the first time, it's not added to the 'users' table.
Wondering if this bug and this: bz#1369046 have some root cause.
Verified according to the steps in description on rhevm-4.0.6-0.1.el7ev.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0043.html