Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1389211

Summary: Group permissions at cluster level
Product: [oVirt] ovirt-engine Reporter: Paul <paul.woodward>
Component: AAAAssignee: Ravi Nori <rnori>
Status: CLOSED DUPLICATE QA Contact: Gonza <grafuls>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.0.4.4CC: bugs
Target Milestone: ---Flags: rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?
Target Release: ---   
Hardware: x86_64   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-30 04:06:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Paul 2016-10-27 08:10:26 UTC 
Description of problem: If I apply group permissions using the PowerUserRole to the cluster itself, then any VMs created in the user portal by users in that group don’t get the UserVmManager role applied correctly. The user, authorization provider and namespace fields are all blank meaning that the VM is visible to all users on the platform.

If you do this with individual users’ permissions though, it works as 
expected and they get the UserVmManager role assigned to their 
username on the VM.




Version-Release number of selected component (if applicable):


How reproducible:All the time


Steps to Reproduce:
1. Associate platform with Active Directory
2. Apply AD group permissions to cluster with PowerUserRole
3. Get a member of that group to create a VM
4. Check permissions on VM in admin portal
5. Login as a user that's not in that group and you can see the new VM.

Actual results:VM created by user in 1 group is visible to all groups.


Expected results:Only the users in that group should be able to see the VM in the portal


Additional info:
Comment 1 Ravi Nori 2016-10-30 04:06:03 UTC 

*** This bug has been marked as a duplicate of bug 1389251 ***