Bug 1458013 - [downstream clone - 4.1.3] RHV-M portal shows incorrect inherited permission for users
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 4.1.1
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ovirt-4.1.3
: ---
Assignee: Ondra Machacek
QA Contact: Lucie Leistnerova
URL:
Whiteboard:
Depends On: 1455011
Blocks:
Reported: 2017-06-01 18:53 UTC by rhev-integ
Modified: 2020-08-13 09:17 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1455011
Environment:
Last Closed: 2017-07-06 07:30:42 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHEA-2017:1692 | 0 | normal | SHIPPED_LIVE | Red Hat Virtualization Manager (ovirt-engine) 4.1.3 | 2017-07-06 11:24:35 UTC
oVirt gerrit | 77255 | 0 | master | MERGED | core: Fix permissions subtab of users | 2021-02-15 11:32:39 UTC
oVirt gerrit | 77546 | 0 | ovirt-engine-4.1 | MERGED | core: Fix permissions subtab of users | 2021-02-15 11:32:39 UTC

Description rhev-integ 2017-06-01 18:53:34 UTC
+++ This bug is a downstream clone. The original bug is: +++
+++   bug 1455011 +++
======================================================================

Description of problem:

In some scenarios, RHV-M displays incorrect permissions for users. This only happens with a normal user and not with the admin@internal user. Please see "Steps to Reproduce" for more info.


Version-Release number of selected component (if applicable):

rhevm-4.1.1.8-0.1.el7.noarch

How reproducible:

100%

Steps to Reproduce:

1. Create two groups, group_a and group_b, and add user_a to group_a and user_b to group_b.

ovirt-aaa-jdbc-tool group-manage show group_a
Group: group_a(f497038d-98a3-44c8-a9c3-88ecb3654d66) members:
  User: user_a

ovirt-aaa-jdbc-tool group-manage show group_b
Group: group_b(29ceab89-df25-47bc-a4aa-f44f5b6d9271) members:
  User: user_b

2. Assign group_a as superuser on system object.
  
3. Log in to the admin portal with user_a.

4. Check the permission of user_b. The admin portal will show that user_b has the superuser role, inherited from group_a, although user_b is not a member of group_a.

5. This is only a "display" issue: user_b doesn't really have this permission, and login to the admin portal will fail for this user.


Actual results:

Permission is not shown correctly

Expected results:

Permission should show correctly

Additional info:

Attaching screenshots from my test environment. The customer who reported this issue is using AD.

(Originally by Nijin Ashok)

Comment 1 rhev-integ 2017-06-01 18:53:42 UTC
Created attachment 1281820 [details]
directory_group_user_a

(Originally by Nijin Ashok)

Comment 3 rhev-integ 2017-06-01 18:53:47 UTC
Created attachment 1281821 [details]
directory_group_user_b

(Originally by Nijin Ashok)

Comment 4 rhev-integ 2017-06-01 18:53:53 UTC
Created attachment 1281822 [details]
user_b incorrect permission

(Originally by Nijin Ashok)

Comment 5 rhev-integ 2017-06-01 18:53:58 UTC
Ondro, could you please take a look?

(Originally by Martin Perina)

Comment 6 rhev-integ 2017-06-01 18:54:02 UTC
It always shows the group which the currently logged-in user is part of. This is a UI issue.

(Originally by Ondra Machacek)
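
A simplified model of the behaviour described in comment 6, added here as an illustration; it is not ovirt-engine code and not part of the original report. The data mirrors the reproduction steps (group_a, group_b, user_a, user_b); the function names and the permission tuple layout are assumptions made for this example.

```python
# Simplified model of the display bug (constructed data; not ovirt-engine code).
GROUP_MEMBERS = {"group_a": {"user_a"}, "group_b": {"user_b"}}
# (principal, role, object): group_a holds superuser on the system object (step 2).
PERMISSIONS = [("group_a", "superuser", "system")]


def groups_of(user):
    """Groups the given user is actually a member of."""
    return {g for g, members in GROUP_MEMBERS.items() if user in members}


def shown_inherited_buggy(session_user, viewed_user):
    """Buggy view: resolves groups from the logged-in user; viewed_user is ignored."""
    groups = groups_of(session_user)
    return [(role, obj, g) for g, role, obj in PERMISSIONS if g in groups]


def shown_inherited_fixed(session_user, viewed_user):
    """Corrected view: resolves groups from the user whose permissions are displayed."""
    groups = groups_of(viewed_user)
    return [(role, obj, g) for g, role, obj in PERMISSIONS if g in groups]


def display_mismatches(view, session_user, users):
    """Users for whom `view` shows something other than their real inherited permissions."""
    return sorted(
        u for u in users
        if view(session_user, u) != shown_inherited_fixed(session_user, u)
    )


if __name__ == "__main__":
    users = ["user_a", "user_b"]
    # Logged in as user_a and viewing user_b (step 4 of the report).
    print("buggy:", shown_inherited_buggy("user_a", "user_b"))
    print("fixed:", shown_inherited_fixed("user_a", "user_b"))
    print("mismatched users:", display_mismatches(shown_inherited_buggy, "user_a", users))
```

Comparing what a view displays against membership-derived permissions, as `display_mismatches` does, is the kind of regression check that separates a display-only defect from an actual authorization change.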

Comment 8 rhev-integ 2017-06-01 18:54:12 UTC
WARN: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason:

[Found clone flags: ['rhevm-4.1.z', 'rhevm-4.2-ga'], ]

For more info please contact: rhv-devops

(Originally by rhev-integ)

Comment 10 Lucie Leistnerova 2017-06-21 12:30:26 UTC
User in group without superuser doesn't have superuser in Permissions.

verified in ovirt-engine-4.1.3.4-0.1.el7.noarch

Comment 13 errata-xmlrpc 2017-07-06 07:30:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1692

