Hide Forgot
Description of problem: A tenant with superadmin can delete another tenants service dialogs without being part of the tenant. Version-Release number of selected component (if applicable): 5.6.3.3.20161128141841_49d925b How reproducible: Steps to Reproduce: 1. Create tenant1 and tenant2. 2. Create a project under tenant1 or tenant2 3. Create a group and add role superadmin 4. Create a user and add it to the group. 5. Login with the newly created user from tenant1 and create a service dialog 6. Login with the newly created user from tenant2 and delete the dialog. Actual results: Tenant 2 can delete tenant1's dialog even if he does not own it. Expected results: Tenant 2 should not see tenant1's dialogs. Tenant2 should not be able to delete tenant 1's dialogs. Additional info:
Please assess the impact of this issue and update the severity accordingly. Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.
Bug Closure Dear customer, The CloudForms team is reviewing the current CloudForms Bug(defect) backlog in order to target engineering efforts. We are closing any bugs for versions that no longer have an active errata stream or that have hit their age limit. We are committing to better management of the backlog as we move forward. If you have an bug that you are still able to reproduce on a current version of CloudForms please open a new bug. If you have any concerns about this, please let us know. Thanks and regards!