Bug 1477598 - Some core permissions are missing from Manager and Organization admin roles
Some core permissions are missing from Manager and Organization admin roles
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Users & Roles (Show other bugs)
Unspecified Unspecified
unspecified Severity high (vote)
: GA
: --
Assigned To: Marek Hulan
Kedar Bidarkar
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2017-08-02 08:41 EDT by Marek Hulan
Modified: 2018-02-21 11:51 EST (History)
6 users (show)

See Also:
Fixed In Version: foreman-1.15.3
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2018-02-21 11:51:07 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 20483 None None None 2017-08-02 08:42 EDT

  None (edit)
Description Marek Hulan 2017-08-02 08:41:28 EDT
Description of problem:

In clean installation, Manager and Organization admin roles do not contain all permissions, e.g.

it contains on view_compute_profiles but not edit/destroy/create permission for this resource

The cause is that hardcoded list in db/seeds.d/02-roles_list.rb is not complete.

Version-Release number of selected component (if applicable):

Satellite 6.3 snap 9 / Foreman nightly (1.16-develop)

How reproducible:


Steps to Reproduce:
1. install Satellite / Foreman
2. navigate to Manager role, see filters
3. try to find edit_compute_profiles 

Actual results:

no such permission can be found

Expected results:

every permission should be included in Manager role, Organization admin should contain similar set just without organization management
Additional info:
Comment 1 Marek Hulan 2017-08-02 08:42:09 EDT
Created redmine issue http://projects.theforeman.org/issues/20483 from this bug
Comment 3 Marek Hulan 2017-08-02 08:47:42 EDT
Full list of missing permissions:

Comment 4 pm-sat@redhat.com 2017-08-02 10:16:15 EDT
Upstream bug assigned to mhulan@redhat.com
Comment 5 pm-sat@redhat.com 2017-08-02 10:16:18 EDT
Upstream bug assigned to mhulan@redhat.com
Comment 6 pm-sat@redhat.com 2017-08-08 06:14:52 EDT
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20483 has been resolved.
Comment 7 Kedar Bidarkar 2017-09-11 12:34:21 EDT
 "access_dashboard",    [ exists ] in miscellaneous
 "assign_organizations",      [ exists ]
 "create_compute_profiles",   [ Exists ]
 "create_config_groups",      [ exists ]
 "create_external_usergroups", [ exists ]
 "create_filters",             [ exists ]
 "create_organizations",      [ exists ]
 "create_roles",              [ exists ]
 "destroy_compute_profiles",  [ Exists ]
 "destroy_config_groups",     [ Exists ]
 "destroy_external_usergroups", [ exists ]
 "destroy_filters", [ exists ]
 "destroy_keypairs", [ exists ]
 "destroy_organizations", [ exists ]
 "destroy_roles",    [ exists ]
 "edit_compute_profiles",  [ Exists ]
 "edit_config_groups", [ Exists ]
 "edit_external_usergroups", [ exists ]
 "edit_filters", [ exists ]
 "edit_organizations", [ exists ]
 "edit_roles",  [ exists ]
 "lock_provisioning_templates", [ exists ]
 "lock_ptables" [ exists ]

VERIFIED With sat6.3.0 snap15.0
Comment 8 pm-sat@redhat.com 2018-02-21 11:51:07 EST
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> For information on the advisory, and where to find the updated files, follow the link below.
> If the solution does not work for you, open a new bug report.
> https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.