Bug 1418216 - [RFE] add cluster level permissions on groups and users for pods/containers and images
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.7.0
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: GA
: cfme-future
Assignee: Loic Avenel
QA Contact: Dafna Ron
URL:
Whiteboard: container:rbac
Depends On:
Blocks:
Reported: 2017-02-01 09:50 UTC by Dafna Ron
Modified: 2018-07-01 18:47 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-07-01 18:47:19 UTC
Category: ---
Cloudforms Team: Container Management
Target Upstream Version:
Embargoed:


Attachments
screenshot (221.29 KB, image/png)
2017-02-01 09:50 UTC, Dafna Ron

Description Dafna Ron 2017-02-01 09:50:22 UTC
Created attachment 1246597
screenshot

Description of problem:

When creating a new role, there is a way to limit template and VM access to users and groups or specific users.
This does not exist for container providers, and we have to limit access by tagging specific objects (which is not scalable).

Version-Release number of selected component (if applicable):

cfme-5.7.1.0-2.el7cf.x86_64

How reproducible:

100%

Steps to Reproduce:
1. Log in to CFME as admin user
2. Navigate to Configuration -> Access Control -> Role
3. Create a new role
4. There is a scroll for: VM & Template Access Restriction with two options: "only user and group owned" and "only user owned"

Actual results:

For container providers, we cannot limit permissions to objects at a cluster level and have to add a tag restriction per object.

Expected results:

Currently, it is very difficult to manage more accurate permissions to pods/containers and images at a cluster level.

Additional info:
Screenshot.

