Validated successful on AD and OpenLDAP FreeIPA, I had some users that could log in, but I had a user(hutteggera) that couldn't. [----] I, [2017-03-29T10:20:22.568835 #12008:d19e08] INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [hutteggera] - User huttegge ra successfully validated by External httpd [----] I, [2017-03-29T10:20:22.603384 #11931:80113c] INFO -- : MIQ(MiqQueue.put) Message id: [876], id: [], Zone: [default], Role: [smartstate], Server: [], Ident: [generic], Target id: [], Instance id: [], Task id: [job_dispatcher], Command: [JobProxyDispatcher.dispatch], Timeout: [600], Pr iority: [20], State: [ready], Deliver On: [], Data: [], Args: [] [----] I, [2017-03-29T10:20:22.623112 #12008:d19e08] INFO -- : MIQ(MiqTask#update_status) Task: [14] [Active] [Ok] [Authorizing] [----] I, [2017-03-29T10:20:22.774320 #12008:d19e08] INFO -- : MIQ(Authenticator::Httpd#authorize) Authorized User: [hutteggera] [----] I, [2017-03-29T10:20:22.774493 #12008:d19e08] INFO -- : MIQ(MiqTask#update_status) Task: [14] [Finished] [Ok] [User authorized successfully ] [----] I, [2017-03-29T10:20:22.808828 #12008:d19e08] INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [hutteggera] - Authenticatio n successful for user hutteggera [----] E, [2017-03-29T10:20:22.892331 #12008:d19e08] ERROR -- : <API> MIQ(Api::SettingsController.api_error) API Error [----] E, [2017-03-29T10:20:22.893201 #12008:d19e08] ERROR -- : <API> MIQ(Api::SettingsController.api_error) Api::ForbiddenError: Use of the read a ction is forbidden
Matt can you please validate that the hutteggera user has the correct permissions / roles?
this one is a doozy, almost a multi bug bz, the sui bug users no matter of if they are able to view or do anything should be let into the sui. The NON sui bug part is it looks like when a user that belongs to multiple groups each with multiple roles with varying product features, attempts to login,is not returning all the product features from all the roles of all the groups. gonna grab our api friend Tim to help with this one
https://github.com/ManageIQ/manageiq-ui-service/pull/617 above doesn't really do much for this bz, as there wasn't much to do, but as a result of this bz, verbiage was updated for clarity ends up the whole only returning product features for a users current group is by design, this can be closed! (right? )