Bug 1414912 - User with Viewer role are not able to view subscriptions and settings
Summary: User with Viewer role are not able to view subscriptions and settings
Keywords:
Status: CLOSED DUPLICATE of bug 1333219
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Users & Roles
Version: 6.2.6
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-19 17:25 UTC by Konstantin Trufanov
Modified: 2020-04-15 15:07 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-10 08:46:06 UTC
Target Upstream Version:


Attachments (Terms of Use)
webui error (98.42 KB, image/png)
2017-01-19 17:25 UTC, Konstantin Trufanov
no flags Details
hammer errors (30.93 KB, image/png)
2017-01-19 17:26 UTC, Konstantin Trufanov
no flags Details

Description Konstantin Trufanov 2017-01-19 17:25:29 UTC
Created attachment 1242535 [details]
webui error

Description of problem:

User with Viewer role can't list subscriptions and settings although it has correct filters set


Version-Release number of selected component (if applicable):

6.2.4

How reproducible:

WebUI and hammer

Steps to Reproduce:
1. Create user with Viewer role
2. List subscriptions or settings via hammer or WebUI

Actual results:

User are not able to view subscriptions and settings

Expected results:

User able to view subscriptions and settings

Additional info:

There is different errors for settings and subscriptions

For settings:

    Hammer - 403 Forbidden - server refused to process the request
    WebUI - No such menu at all

For subscriptions:

    WebUI - 403 error (see attached screenshot)
    Hammer - return empty results

Comment 1 Konstantin Trufanov 2017-01-19 17:26:06 UTC
Created attachment 1242536 [details]
hammer errors

Comment 2 Marek Hulan 2017-01-20 08:46:52 UTC
Hello, there are two parts here, settings and view subscriptions. Settings can be only viewed by administrator which is intentional. Settings are global for all organization and can be viewer more like application configuration, therefore non-admin users should not be able to see it or manipulate it.

Regarding subscriptions, it can be either caused by the fact that Viewer role does not contain view_subscriptions permissions (BZ 1304608) or by the fact that view_subscriptions permission is broken (BZ 1333219). So I suggest to verify whether customer can see a filter with resource type Organization and permission with view_subscriptions in Viewer role. It's not clear from "User with Viewer role can't list subscriptions and settings although it has correct filters set" 

If they can not, close as dup of BZ 1304608, otherwise close as dup of BZ 1333219.

Comment 3 Marek Hulan 2017-02-09 13:11:37 UTC
Btw the removal of access_setting permission is being tracked by this upstream issue http://projects.theforeman.org/issues/18440

Comment 4 Konstantin Trufanov 2017-02-10 08:46:06 UTC

*** This bug has been marked as a duplicate of bug 1333219 ***


Note You need to log in before you can comment on or make changes to this bug.