Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1462388

Summary: [Bug] Creating Host Group using non-admin user with custom defined role do nothing/greyed out
Product: Red Hat Satellite Reporter: jalviso <jalviso>
Component: Users & RolesAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: UnspecifiedCC: bbuckingham, dhawke, dhlavacd, jcallaha, mhulan
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-30 14:00:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description jalviso 2017-06-17 00:33:13 UTC 
Description of problem:
Creating Host Group using non-admin user with custom defined role, do nothing/greyed out. 

Version-Release number of selected component (if applicable):
6.2+ up to 6.2.9


How reproducible:


Steps to Reproduce:
1. Create the user with Location/Organization
2. Add the custom role with added filter/permission, search o Host Group as:

Host Group 	edit_hostgroups, destroy_hostgroups, create_hostgroups, view_hostgroups   name ~ org*
Location 	view_locations

3. Create a Host Group

Actual results:

It does nothing. Tail of production log shows:

2017-06-08 17:15:06 b7285435 [app] [I] Started POST "/hostgroups" for 10.64.0.215 at 2017-06-08 17:15:06 +1000
2017-06-08 17:15:06 b7285435 [app] [I] Processing by HostgroupsController#create as */*
2017-06-08 17:15:06 b7285435 [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"8mp1cIDFW4wvkMTnglA/E32LrveoRlI7NtCD63Shx5o=", "hostgroup"=>{"parent_id"=>"", "name"=>"ossj", "lifecycle_environment_id"=>"1", "content_view_id"=>"9", "environment_id"=>"3", "content_source_id"=>"1", "puppet_ca_proxy_id"=>"1", "puppet_proxy_id"=>"1", "openscap_proxy_id"=>"", "puppetclass_ids"=>[""], "domain_id"=>"", "realm_id"=>"", "architecture_id"=>"1", "operatingsystem_id"=>"2", "ptable_id"=>"61", "root_pass"=>"[FILTERED]", "location_ids"=>["2", ""], "id"=>""}, "kt_activation_keys"=>""}
2017-06-08 17:15:06 b7285435 [app] [D] Setting current user thread-local variable to testuser
2017-06-08 17:15:06 b7285435 [app] [D] Setting current organization thread-local variable to gss
2017-06-08 17:15:06 b7285435 [app] [D] Setting current location thread-local variable to bne
2017-06-08 17:15:06 b7285435 [app] [I] Failed to save: Location ids Invalid locations selection, you must select at least one of yours   <===========
2017-06-08 17:15:06 b7285435 [app] [I]   Rendered puppetclasses/_classes.html.erb (6.4ms)
2017-06-08 17:15:06 b7285435 [app] [I]   Rendered puppetclasses/_class_selection.html.erb (31.5ms)

Expected results:

It should at least gives an error message that something is missing.

Additional info:

The Host Group was created when adding "assign_locations":

Location:  	assign_locations, view_locations

The user has already Location/Organization assigned, but it seems like the Location define in Roles specifically ask to assign Location again. Is this expected behaviour?
Comment 2 Marek Hulan 2017-06-30 14:00:28 UTC 
Yes, this is intended behavior. Users must be assigned to organization/location so they can work with it (select it in top left corner, see it's resources). The view_organizations and view_locations is also required if users want to list existing orgs/locs in Administer menu. The assign_organizations and assign_locations are used when user tries to create/update some resource, e.g. subnet. The form contains tabs "Locations" and "Organizations", users can see only those that they have assign permission for. The reason is that by assigning the organization/location to the resource, you're not just updating the resource but the organization/location itself and potentially letting users from the new scope work with the existing resource. Therefore we have extra permission so users can set it very granularly.

I agree the validation message is confusing since it does not mention anything about assign permission. This is being addressed by BZ 1464137, so I'm setting this as a duplicate. Please reopen if something is not clear or I misunderstood the question.

*** This bug has been marked as a duplicate of bug 1464137 ***