Bug 1391081 - [RFE] Edit a host collection group without having access to all content hosts
Summary: [RFE] Edit a host collection group without having access to all content hosts
Keywords:
Status: CLOSED DUPLICATE of bug 1269997
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Host Collections
Version: 6.1.10
Hardware: x86_64
OS: Linux
unspecified
medium vote
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-02 14:17 UTC by Taft Sanders
Modified: 2020-01-17 16:07 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-04 11:39:34 UTC
Target Upstream Version:

Attachments (Terms of Use)
Limited Host Collection Permission - limited by host (58.22 KB, image/png)
2016-11-07 20:03 UTC, Brad Buckingham 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Taft Sanders 2016-11-02 14:17:03 UTC 
Description of problem:
Customer is requesting for a modification be made to the permissions for host collections to allow a user to only be able to edit a certain group of hosts in a host collection without being able to view/edit all other content hosts.

Version-Release number of selected component (if applicable):
6.1.10

How reproducible:
everytime

Steps to Reproduce:
1.Create host collection group
2.Create new user, provide access to view/edit host collection (view/edit for content host is required for this)
3.User can now edit and view all content hosts

Actual results:
New user has access to all content hosts to view/edit

Expected results:
User can not view/edit any other hosts not included in the host collection group

Additional info:
Comment 1 Brad Buckingham 2016-11-07 20:03:26 UTC 
Would a role with the filters in the attached screenshot support the request?

If not, please let me know what capabilities are lacking.
Comment 2 Brad Buckingham 2016-11-07 20:03:54 UTC 
Created attachment 1218233 [details]
Limited Host Collection Permission - limited by host
Comment 3 Taft Sanders 2016-11-22 19:34:56 UTC 
(In reply to Brad Buckingham from comment #1)
> Would a role with the filters in the attached screenshot support the request?
> 
> If not, please let me know what capabilities are lacking.

Hey Brad,

It was my understanding when recreating this problem that a user can not have access to view or edit a host collection without the permissions to view/edit content hosts. Please let me know if there is a configuration that I'm missing.
Comment 4 Marek Hulan 2017-01-04 11:39:34 UTC 
Taft, user can define a role that only contains permission for Host collection resource type. If user does not have any permission for the resource type Host, he/she can still edit host collections.

I checked the case and my understanding of the request was different. The customer wanted to scope hosts that users can manage by host collection or host group. Since 6.2 it's possible to limit what hosts can the user manage based on in which host collection the host is assigned to, please see BZ https://bugzilla.redhat.com/show_bug.cgi?id=1269997 where I refer to documentation.

The customer also asked whether he could use host groups for this. The answer is yes, the difference between host groups and host collection is that each host can be assigned to only one host group which determines its classification, while the same host can be assigned to multiple host collections. So it depends on their use case but both can be used to restrict access.

I'm closing this as duplicate of BZ 1269997, if you think I misunderstood the request, please reopen otherwise please link the case accordingly. Thank you.

*** This bug has been marked as a duplicate of bug 1269997 ***
Note You need to log in before you can comment on or make changes to this bug.