Hide Forgot
Description of problem: Customer is requesting for a modification be made to the permissions for host collections to allow a user to only be able to edit a certain group of hosts in a host collection without being able to view/edit all other content hosts. Version-Release number of selected component (if applicable): 6.1.10 How reproducible: everytime Steps to Reproduce: 1.Create host collection group 2.Create new user, provide access to view/edit host collection (view/edit for content host is required for this) 3.User can now edit and view all content hosts Actual results: New user has access to all content hosts to view/edit Expected results: User can not view/edit any other hosts not included in the host collection group Additional info:
Would a role with the filters in the attached screenshot support the request? If not, please let me know what capabilities are lacking.
Created attachment 1218233 [details] Limited Host Collection Permission - limited by host
(In reply to Brad Buckingham from comment #1) > Would a role with the filters in the attached screenshot support the request? > > If not, please let me know what capabilities are lacking. Hey Brad, It was my understanding when recreating this problem that a user can not have access to view or edit a host collection without the permissions to view/edit content hosts. Please let me know if there is a configuration that I'm missing.
Taft, user can define a role that only contains permission for Host collection resource type. If user does not have any permission for the resource type Host, he/she can still edit host collections. I checked the case and my understanding of the request was different. The customer wanted to scope hosts that users can manage by host collection or host group. Since 6.2 it's possible to limit what hosts can the user manage based on in which host collection the host is assigned to, please see BZ https://bugzilla.redhat.com/show_bug.cgi?id=1269997 where I refer to documentation. The customer also asked whether he could use host groups for this. The answer is yes, the difference between host groups and host collection is that each host can be assigned to only one host group which determines its classification, while the same host can be assigned to multiple host collections. So it depends on their use case but both can be used to restrict access. I'm closing this as duplicate of BZ 1269997, if you think I misunderstood the request, please reopen otherwise please link the case accordingly. Thank you. *** This bug has been marked as a duplicate of bug 1269997 ***