Description of problem: Restricted user can see all groups, users, and tenants Version-Release number of selected component (if applicable): 5.8.0.10, also 5.7.2.1 How reproducible: 100% Steps to Reproduce: 1. Add role and group with tag 2. Add user and assign group to user 3. Log in as restricted user 4. Navigate to Configuration->Access Control 5. Check group list Actual results: All groups are available for restricted user Expected results: Group list should be empty for restricted user Additional info:
The following PRs address supporting RBAC tag filtering for users and groups - https://github.com/ManageIQ/manageiq/pull/14901 https://github.com/ManageIQ/manageiq/pull/14903 For tenants, it's clear whether filtering by managed tag is necessary or required. The original implementation of tenancy supports restricting a users view of other tenants by the hierarchy of the parent child relationships between tenants. Currently, a user in a particular tenant is only able to see his own tenant and all child tenants of that tenant. There was never a requirement to support additional filtering by tag. I think adding this additional tag filtering functionality adds a lot of complexity for a relatively small amount of benefit. I will move this BZ to POST after the above PRs are merged. I'd like for John Hardy to weigh in on the necessity of the additional tag filtering for tenants. We already have a WIP Pr for that.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days