1412450 – Tenant admin can create a super admin

Bug 1412450 - Tenant admin can create a super admin

Summary: Tenant admin can create a super admin

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	UI - OPS
Sub Component:
Version:	5.7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	GA
Target Release:	5.8.0
Assignee:	Šimon Lukašík
QA Contact:	Pavol Kotvan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1413123 1413180
TreeView+	depends on / blocked

Reported:	2017-01-12 03:34 UTC by Satoe Imaishi
Modified:	2018-03-14 10:02 UTC (History)
CC List:	4 users (show)
Fixed In Version:	5.8.0.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1413123 1413180 (view as bug list)
Environment:
Last Closed:	2017-06-12 16:03:57 UTC
Category:	---
Cloudforms Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Satoe Imaishi 2017-01-12 03:34:35 UTC

ManageIQ issue https://github.com/ManageIQ/manageiq/issues/13291:

Steps to reproduce:

1. Create child tenant: "My tenant"
2. Create group with:
  - "My Tenant admin group" with role: "EvmRole-tenant_administrator"
  - Tenant: "My tenant"
3. Create tenant admin user "tenantadmin" with group "My Tenant admin group"
4. login as tenant admin

I can now create a new user with the group "EvmRole-super_administrator"

This escalates the privileges of a tenant admin to global admin, defeating the tenant separation.

Comment 2 Satoe Imaishi 2017-01-12 03:35:48 UTC

PR: https://github.com/ManageIQ/manageiq-ui-classic/pull/127

Note You need to log in before you can comment on or make changes to this bug.