Bug 1389211 - Group permissions at cluster level
Summary: Group permissions at cluster level
Keywords:
Status: CLOSED DUPLICATE of bug 1389251
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: AAA
Version: 4.0.4.4
Hardware: x86_64
OS: All
unspecified
medium
Target Milestone: ---
: ---
Assignee: Ravi Nori
QA Contact: Gonza
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-27 08:10 UTC by Paul
Modified: 2016-10-30 04:06 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-10-30 04:06:03 UTC
oVirt Team: Infra
Embargoed:
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?

Attachments (Terms of Use)

Description Paul 2016-10-27 08:10:26 UTC 
Description of problem: If I apply group permissions using the PowerUserRole to the cluster itself, then any VMs created in the user portal by users in that group don’t get the UserVmManager role applied correctly. The user, authorization provider and namespace fields are all blank meaning that the VM is visible to all users on the platform.

If you do this with individual users’ permissions though, it works as 
expected and they get the UserVmManager role assigned to their 
username on the VM.




Version-Release number of selected component (if applicable):


How reproducible:All the time


Steps to Reproduce:
1. Associate platform with Active Directory
2. Apply AD group permissions to cluster with PowerUserRole
3. Get a member of that group to create a VM
4. Check permissions on VM in admin portal
5. Login as a user that's not in that group and you can see the new VM.

Actual results:VM created by user in 1 group is visible to all groups.


Expected results:Only the users in that group should be able to see the VM in the portal


Additional info:
Comment 1 Ravi Nori 2016-10-30 04:06:03 UTC 

*** This bug has been marked as a duplicate of bug 1389251 ***
Note You need to log in before you can comment on or make changes to this bug.