New commit detected on ManageIQ/manageiq-ui-service/fine:
https://github.com/ManageIQ/manageiq-ui-self_service/commit/e93af55ec6b01e815dbd54d75c240754c83a0009

commit e93af55ec6b01e815dbd54d75c240754c83a0009
Author:     Chris Kacerguis <chriskacerguis.github.com>
AuthorDate: Wed Apr 19 16:14:37 2017 -0500
Commit:     Satoe Imaishi <simaishi>
CommitDate: Wed Apr 19 20:38:49 2017 -0400

    Merge pull request #693 from AllenBW/bz/1440931-block-unpriveleged-user-login
    
    BZ#1440931-Refuse login for users with only dashboard role
    (cherry picked from commit 8a7e8ca887df68340df218212e6847909007f3d5)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1443800

 client/app/core/rbac.service.js         | 3 +--
 client/app/core/session.service.spec.js | 5 -----
 2 files changed, 1 insertion(+), 7 deletions(-)

Validated in MIQLDAP (FreeIPA)  5.8.0.12-rc1

Validated in External Auth FreeIPA,AD,OpenLDAP 5.8.0.14-rc3

I'm reopening this. While the user who doesn't have the correct perms, now get's a proper error messsage in the UI. "  Error! You do not have permission to view the Service UI. Contact your administrator to update your group permissions."  The evm.log shows that they have been authorized successfully which is not true.

The evm.log should show that the user didn't have proper permissions.

[----] I, [2017-05-18T12:04:53.961002 #12144:11c7004]  INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [test-user5] - User test-
user5 successfully validated by External httpd
[----] I, [2017-05-18T12:04:53.979072 #12144:11c7004]  INFO -- : MIQ(MiqTask#update_status) Task: [176] [Active] [Ok] [Authorizing]
[----] I, [2017-05-18T12:04:54.011490 #12144:11c7004]  INFO -- : MIQ(Authenticator::Httpd#authorize) Authorized User: [test-user5]
[----] I, [2017-05-18T12:04:54.011710 #12144:11c7004]  INFO -- : MIQ(MiqTask#update_status) Task: [176] [Finished] [Ok] [User authorized successf
ully]
[----] I, [2017-05-18T12:04:54.034520 #12144:11c7004]  INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [test-user5] - Authentica
tion successful for user test-user5


Specifically this line:

[----] I, [2017-05-18T12:04:54.011710 #12144:11c7004]  INFO -- : MIQ(MiqTask#update_status) Task: [176] [Finished] [Ok] [User authorized successf
ully]

Which is not true. they are not authorized.

Validated that the user gets an error message in SSUI in External Auth FreeIPA,AD,OpenLDAP 5.8.0.14-rc3

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1367