Description of problem: User can see items from different groups but tagged by users group tag Version-Release number of selected component (if applicable): 5.7.1, 5.7.2, 5.8.0 How reproducible: 100% Steps to Reproduce: 1. As admin, create 2 tenants(tenant1, tenant2) 2. Create role with "Only group and user owned" restriction (user_role) 3. Add 2 groups with 'user_role' role and set 2 different tags (group1->tag1, group2->tag2) 4. Create 2 users, and assign to groups (group1-> user1, group2->user2) 5. Add provider (infra or cloud) 6. Set ownership for 2 instances (instance1->group1, instance2->group2) 7. Set tags for instances (instance1->tag2, instance2->tag1) 8. Get content for "Recently Discovered Vms" widget 9. Login as user1 or user2, navigate to dashboard Actual results: Widget displays 2 instances Expected results: With such configuration, user should not see any instances, as both groups also have tag restriction Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0380