Bug 1455011 - RHV-M portal shows incorrect inherited permission for users
Summary: RHV-M portal shows incorrect inherited permission for users
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 4.1.1
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ovirt-4.2.0
: ---
Assignee: Ondra Machacek
QA Contact: Gonza
URL:
Whiteboard:
Depends On:
Blocks: 1458013
Reported: 2017-05-24 02:54 UTC by nijin ashok
Modified: 2020-07-16 09:38 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1458013 (view as bug list)
Environment:
Last Closed: 2018-05-15 17:42:49 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:


Attachments
directory_group_user_a (96.41 KB, image/png)
2017-05-24 02:55 UTC, nijin ashok
directory_group_user_b (96.41 KB, image/png)
2017-05-24 02:56 UTC, nijin ashok
user_b incorrect permission (126.83 KB, image/png)
2017-05-24 02:57 UTC, nijin ashok


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2018:1488 0 None None None 2018-05-15 17:44:33 UTC
oVirt gerrit 77255 0 master MERGED core: Fix permissions subtab of users 2020-10-24 06:56:53 UTC
oVirt gerrit 77546 0 ovirt-engine-4.1 MERGED core: Fix permissions subtab of users 2020-10-24 06:56:53 UTC

Description nijin ashok 2017-05-24 02:54:47 UTC
Description of problem:

In some scenarios, RHV-M displays incorrect permissions for users. This only happens with a normal user and not with the admin@internal user. Please see "Steps to Reproduce" for more info.


Version-Release number of selected component (if applicable):

rhevm-4.1.1.8-0.1.el7.noarch

How reproducible:

100%

Steps to Reproduce:

1. Create two groups, group_a and group_b, and add user_a to group_a and user_b to group_b.

ovirt-aaa-jdbc-tool group-manage show group_a
Group: group_a(f497038d-98a3-44c8-a9c3-88ecb3654d66) members:
  User: user_a

ovirt-aaa-jdbc-tool group-manage show group_b
Group: group_b(29ceab89-df25-47bc-a4aa-f44f5b6d9271) members:
  User: user_b

2. Assign group_a as superuser on system object.
  
3. Login to admin portal with user_a.

4. Check the permission of user_b. Admin portal will show user_b has superuser role which is inherited from group_a although user_b is not a member of group_a.

5. This is only a "display" issue and user_b doesn't really have this permission and login to admin portal will fail for this user.


Actual results:

Permission is not shown correctly

Expected results:

Permission should show correctly

Additional info:

Attaching screenshots from my test environment. The customer who reported this issue is using AD.

Comment 1 nijin ashok 2017-05-24 02:55:33 UTC
Created attachment 1281820 [details]
directory_group_user_a

Comment 2 nijin ashok 2017-05-24 02:56:46 UTC
Created attachment 1281821 [details]
directory_group_user_b

Comment 3 nijin ashok 2017-05-24 02:57:49 UTC
Created attachment 1281822 [details]
user_b incorrect permission

Comment 4 Martin Perina 2017-05-24 06:35:01 UTC
Ondro, could you please take a look?

Comment 5 Ondra Machacek 2017-05-24 07:05:24 UTC
It always shows the group which the currently logged-in user is part of. This is a UI issue.
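
The behaviour reported above can be modelled in a few lines. This is an added example, not ovirt-engine code and not part of the original thread: the function names are hypothetical, the data is constructed from the "Steps to Reproduce", and the faulty lookup is an assumed model of what Comment 5 describes. It ends with a regression check that flags any inherited role displayed through a group the inspected user does not belong to.

```python
# Constructed data mirroring the report's "Steps to Reproduce".
GROUP_MEMBERS = {"group_a": {"user_a"}, "group_b": {"user_b"}}
# (principal, role, object): group_a holds SuperUser on the System object.
GRANTS = [("group_a", "SuperUser", "System")]


def groups_of(user):
    """Groups the given user really belongs to."""
    return {g for g, members in GROUP_MEMBERS.items() if user in members}


def shown_buggy(target_user, session_user):
    """Assumed model of the faulty view: group grants are matched against
    the logged-in user's groups instead of the inspected user's groups."""
    principals = groups_of(session_user)
    return [(role, obj, p) for p, role, obj in GRANTS if p in principals]


def shown_fixed(target_user, session_user):
    """Expected view: only the inspected user's memberships matter."""
    principals = groups_of(target_user)
    return [(role, obj, p) for p, role, obj in GRANTS if p in principals]


def phantom_entries(view, users):
    """Regression check over every (viewer, target) pair: report each row
    displayed as inherited from a group the target is not a member of."""
    findings = []
    for viewer in sorted(users):
        for target in sorted(users):
            for role, obj, via in view(target, viewer):
                if via not in groups_of(target):
                    findings.append((viewer, target, role, via))
    return findings


if __name__ == "__main__":
    users = {"user_a", "user_b"}
    print("buggy view of user_b as user_a:", shown_buggy("user_b", "user_a"))
    print("fixed view of user_b as user_a:", shown_fixed("user_b", "user_a"))
    print("phantom rows (buggy):", phantom_entries(shown_buggy, users))
    print("phantom rows (fixed):", phantom_entries(shown_fixed, users))
```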

Comment 7 rhev-integ 2017-06-01 16:13:12 UTC
WARN: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason:

[Found clone flags: ['rhevm-4.1.z', 'rhevm-4.2-ga'], ]

For more info please contact: rhv-devops

Comment 10 Gonza 2017-11-22 07:15:17 UTC
Verified with:
ovirt-engine-4.2.0-0.0.master.20171010095230.git721740e.el7.centos.noarch

Comment 13 errata-xmlrpc 2018-05-15 17:42:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:1488

Comment 14 Franta Kust 2019-05-16 13:09:05 UTC
BZ<2>Jira Resync

