Description of problem: User is not able to edit her profile - Connect Automatically and SSH Public Key options, this is little bit annoying. It seems UserProfileEditor should be assinged to Everyone but this is not the case. ~~~ Operation Canceled Error while executing action: User is not authorized to perform this action. ~~~ ~~~ 2016-10-27 09:29:36,705 DEBUG [org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl] (default task-13) [] Action type 'AddUserProfile', Parameters 'UserProfileParameters:{commandId='null', user='null', commandType='Unknown'}' 2016-10-27 09:29:36,705 DEBUG [org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl] (default task-13) [] IP '10.34.130.200', Session ID 'cmuQB0i_Z4AC9irKP6p8qa5LycsfmxCoy9Y4jAJB' 2016-10-27 09:29:36,707 DEBUG [org.ovirt.engine.core.bll.Backend] (default task-13) [] Executing command AddUserProfile for user user2.com.com. 2016-10-27 09:29:36,710 DEBUG [org.ovirt.engine.core.bll.AddUserProfileCommand] (default task-13) [6203a4ba] Checking whether user 'e1cab3b7-04dd-41c6-86e3-6815580bbe6f' or one of the groups he is member of, have the following permissions: ID: e1cab3b7-04dd-41c6-86e3-6815580bbe6f Type: SystemAction group EDIT_PROFILE with role type USER 2016-10-27 09:29:36,713 DEBUG [org.ovirt.engine.core.bll.AddUserProfileCommand] (default task-13) [6203a4ba] No permission found for user when running action 'AddUserProfile', on object 'System' for action group 'EDIT_PROFILE' with id 'e1cab3b7-04dd-41c6-86e3-6815580bbe6f'. 2016-10-27 09:29:36,713 INFO [org.ovirt.engine.core.bll.AddUserProfileCommand] (default task-13) [6203a4ba] No permission found for user 'e1cab3b7-04dd-41c6-86e3-6815580bbe6f' or one of the groups he is member of, when running action 'AddUserProfile', Required permissions are: Action type: 'USER' Action group: 'EDIT_PROFILE' Object type: 'System' Object ID: 'e1cab3b7-04dd-41c6-86e3-6815580bbe6f'. 2016-10-27 09:29:36,713 WARN [org.ovirt.engine.core.bll.AddUserProfileCommand] (default task-13) [6203a4ba] Validation of action 'AddUserProfile' failed for user user2.com.com. Reasons: VAR__ACTION__ADD,VAR__TYPE__USER_PROFILE,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION ~~~ ~~~ engine=# select * from permissions_view where owner_name = 'Everyone' and role_name like '%Profile%'; id | role_id | ad_element_id | object_id | object_type_id | role_name | role_type | allow s_viewing_children | app_mode | object_name | owner_name | namespace | authz | creation_date --------------------------------------+--------------------------------------+--------------------------------------+--------------------------------------+----------------+--------------------+-----------+------ -------------------+----------+-------------+------------+-----------+-------+--------------- 0000000b-000b-000b-000b-0000000001d5 | def0000a-0000-0000-0000-def000000010 | eee00000-0000-0000-0000-123456789eee | 0000000a-000a-000a-000a-000000000398 | 27 | VnicProfileUser | 2 | f | 1 | ovirtmgmt | Everyone | * | | 1464176821 00000019-0019-0019-0019-0000000001e7 | def00017-0000-0000-0000-def000000017 | eee00000-0000-0000-0000-123456789eee | 0000000e-000e-000e-000e-0000000003a7 | 30 | CpuProfileOperator | 2 | f | 1 | Default | Everyone | * | | 1464176833 b07036d5-19ad-41fc-9adc-b3d93658d9ed | def00020-0000-0000-0000-abc000000010 | eee00000-0000-0000-0000-123456789eee | 71a670d1-cc8a-4409-b432-b0cfebc7b279 | 29 | DiskProfileUser | 2 | f | 1 | jb-rhevm40 | Everyone | * | | 1464188434 f5cbc0aa-69d2-480f-be87-f519f474f1b8 | def00020-0000-0000-0000-abc000000010 | eee00000-0000-0000-0000-123456789eee | 19c7437d-f6a7-4bea-8e82-c2325cd43ab3 | 29 | DiskProfileUser | 2 | f | 1 | | Everyone | * | | 1470141808 e3e3bc1e-2e67-4fbb-ae0c-e793cf228e88 | def00017-0000-0000-0000-def000000017 | eee00000-0000-0000-0000-123456789eee | 03d9f80a-9fcb-4248-9691-d551e7756c29 | 30 | CpuProfileOperator | 2 | f | 1 | test | Everyone | * | | 1477293622 (5 rows) ~~~ Version-Release number of selected component (if applicable): 4.0.5-3 How reproducible: 100% Steps to Reproduce: 1. login to User Portal and change option not to automatically connect to console 2. 3. Actual results: not possible, auth error Expected results: should work Additional info:
putting Regression keyword as enabling/disabling auto-connect feature used to work in previous versions.
*** Bug 1389211 has been marked as a duplicate of this bug. ***
This bug report has Keywords: Regression or TestBlocker. Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.
*** Bug 1390844 has been marked as a duplicate of this bug. ***
*** Bug 1391097 has been marked as a duplicate of this bug. ***
I checked the system in question and looks like the System permission UserProfileEditor for Everyone was removed. This can be fixed by adding the System permission for admin and then updating the permissions table update permissions set ad_element_id = 'eee00000-0000-0000-0000-123456789eee' where role_id in (select roles.id from roles where roles.name = 'UserProfileEditor');
Or you can directly insert the permissions SELECT insertpermission( 'eee00000-0000-0000-0000-123456789eee', '56ab2888-a1dc-11e6-82ab-104a7da11e4a', 'def00021-0000-0000-0000-def000000015', 'aaa00000-0000-0000-0000-123456789aaa', 1 );
ok, with an IPA user just with UserRole on a cluster. ovirt-engine-backend-4.0.6.1-0.1.el7ev.noarch engine=# select login_name,ssh_public_key from user_profiles_view ; -[ RECORD 1 ]--+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- login_name | user1.com ssh_public_key | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7deq1vJOnb+/Ee1hL2+z+D6UbiI+Ww8sAoMl62PSJfKa7xgYG+B3pArtoa7lc9krs9hKQ+L7gh65ekaXNRCY+CrCWgrT8+rnPGFubbxiVzYS2z+koA+nZ/1RTu7GPFupsQUutQniG4X3kurUlLQldhm9wsoA8Fyc2Se//Fr0uqJw4LrLraGRS4cLaAh1dIv78/ymZyWj4V7xB5B9/Fq9J3+SA/UR1px3TKM9/V5SyzbJJ9d5I/2PjYv8AAtmzqA87PwNtfMGFEtM3ze1MlaQnzsYAOg84TM9UYieiUeVdpfnM7hIhHiqSTTNTaN0mtsGAA2g2lf+kccft6CeichAb