Created attachment 1242535 [details]
Description of problem:
User with Viewer role can't list subscriptions and settings although it has correct filters set
Version-Release number of selected component (if applicable):
WebUI and hammer
Steps to Reproduce:
1. Create user with Viewer role
2. List subscriptions or settings via hammer or WebUI
User are not able to view subscriptions and settings
User able to view subscriptions and settings
There is different errors for settings and subscriptions
Hammer - 403 Forbidden - server refused to process the request
WebUI - No such menu at all
WebUI - 403 error (see attached screenshot)
Hammer - return empty results
Created attachment 1242536 [details]
Hello, there are two parts here, settings and view subscriptions. Settings can be only viewed by administrator which is intentional. Settings are global for all organization and can be viewer more like application configuration, therefore non-admin users should not be able to see it or manipulate it.
Regarding subscriptions, it can be either caused by the fact that Viewer role does not contain view_subscriptions permissions (BZ 1304608) or by the fact that view_subscriptions permission is broken (BZ 1333219). So I suggest to verify whether customer can see a filter with resource type Organization and permission with view_subscriptions in Viewer role. It's not clear from "User with Viewer role can't list subscriptions and settings although it has correct filters set"
If they can not, close as dup of BZ 1304608, otherwise close as dup of BZ 1333219.
Btw the removal of access_setting permission is being tracked by this upstream issue http://projects.theforeman.org/issues/18440
*** This bug has been marked as a duplicate of bug 1333219 ***