Created attachment 1242535 [details] webui error Description of problem: User with Viewer role can't list subscriptions and settings although it has correct filters set Version-Release number of selected component (if applicable): 6.2.4 How reproducible: WebUI and hammer Steps to Reproduce: 1. Create user with Viewer role 2. List subscriptions or settings via hammer or WebUI Actual results: User are not able to view subscriptions and settings Expected results: User able to view subscriptions and settings Additional info: There is different errors for settings and subscriptions For settings: Hammer - 403 Forbidden - server refused to process the request WebUI - No such menu at all For subscriptions: WebUI - 403 error (see attached screenshot) Hammer - return empty results
Created attachment 1242536 [details] hammer errors
Hello, there are two parts here, settings and view subscriptions. Settings can be only viewed by administrator which is intentional. Settings are global for all organization and can be viewer more like application configuration, therefore non-admin users should not be able to see it or manipulate it. Regarding subscriptions, it can be either caused by the fact that Viewer role does not contain view_subscriptions permissions (BZ 1304608) or by the fact that view_subscriptions permission is broken (BZ 1333219). So I suggest to verify whether customer can see a filter with resource type Organization and permission with view_subscriptions in Viewer role. It's not clear from "User with Viewer role can't list subscriptions and settings although it has correct filters set" If they can not, close as dup of BZ 1304608, otherwise close as dup of BZ 1333219.
Btw the removal of access_setting permission is being tracked by this upstream issue http://projects.theforeman.org/issues/18440
*** This bug has been marked as a duplicate of bug 1333219 ***