Description of problem: In clean installation, Manager and Organization admin roles do not contain all permissions, e.g. it contains on view_compute_profiles but not edit/destroy/create permission for this resource The cause is that hardcoded list in db/seeds.d/02-roles_list.rb is not complete. Version-Release number of selected component (if applicable): Satellite 6.3 snap 9 / Foreman nightly (1.16-develop) How reproducible: 100% Steps to Reproduce: 1. install Satellite / Foreman 2. navigate to Manager role, see filters 3. try to find edit_compute_profiles Actual results: no such permission can be found Expected results: every permission should be included in Manager role, Organization admin should contain similar set just without organization management Additional info:
Created redmine issue http://projects.theforeman.org/issues/20483 from this bug
Full list of missing permissions: ["access_dashboard", "assign_organizations", "create_compute_profiles", "create_config_groups", "create_external_usergroups", "create_filters", "create_organizations", "create_roles", "destroy_compute_profiles", "destroy_config_groups", "destroy_external_usergroups", "destroy_filters", "destroy_keypairs", "destroy_organizations", "destroy_roles", "edit_compute_profiles", "edit_config_groups", "edit_external_usergroups", "edit_filters", "edit_organizations", "edit_roles", "lock_provisioning_templates", "lock_ptables"]
Upstream bug assigned to mhulan
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20483 has been resolved.
"access_dashboard", [ exists ] in miscellaneous "assign_organizations", [ exists ] "create_compute_profiles", [ Exists ] "create_config_groups", [ exists ] "create_external_usergroups", [ exists ] "create_filters", [ exists ] "create_organizations", [ exists ] "create_roles", [ exists ] "destroy_compute_profiles", [ Exists ] "destroy_config_groups", [ Exists ] "destroy_external_usergroups", [ exists ] "destroy_filters", [ exists ] "destroy_keypairs", [ exists ] "destroy_organizations", [ exists ] "destroy_roles", [ exists ] "edit_compute_profiles", [ Exists ] "edit_config_groups", [ Exists ] "edit_external_usergroups", [ exists ] "edit_filters", [ exists ] "edit_organizations", [ exists ] "edit_roles", [ exists ] "lock_provisioning_templates", [ exists ] "lock_ptables" [ exists ] VERIFIED With sat6.3.0 snap15.0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. > > For information on the advisory, and where to find the updated files, follow the link below. > > If the solution does not work for you, open a new bug report. > > https://access.redhat.com/errata/RHSA-2018:0336