1477598 – Some core permissions are missing from Manager and Organization admin roles

Bug 1477598 - Some core permissions are missing from Manager and Organization admin roles

Summary: Some core permissions are missing from Manager and Organization admin roles

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Users & Roles
Sub Component:
Version:	6.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Marek Hulan
QA Contact:	Kedar Bidarkar
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-08-02 12:41 UTC by Marek Hulan
Modified:	2019-08-12 14:06 UTC (History)
CC List:	6 users (show)
Fixed In Version:	foreman-1.15.3
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-21 16:51:07 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	20483	0	Normal	Closed	Some core permissions are missing from Manager and Organization admin roles	2020-09-15 02:04:25 UTC

Description Marek Hulan 2017-08-02 12:41:28 UTC

Description of problem:

In clean installation, Manager and Organization admin roles do not contain all permissions, e.g.

it contains on view_compute_profiles but not edit/destroy/create permission for this resource

The cause is that hardcoded list in db/seeds.d/02-roles_list.rb is not complete.

Version-Release number of selected component (if applicable):

Satellite 6.3 snap 9 / Foreman nightly (1.16-develop)

How reproducible:

100%

Steps to Reproduce:
1. install Satellite / Foreman
2. navigate to Manager role, see filters
3. try to find edit_compute_profiles 

Actual results:

no such permission can be found

Expected results:

every permission should be included in Manager role, Organization admin should contain similar set just without organization management
Additional info:

Comment 1 Marek Hulan 2017-08-02 12:42:09 UTC

Created redmine issue http://projects.theforeman.org/issues/20483 from this bug

Comment 3 Marek Hulan 2017-08-02 12:47:42 UTC

Full list of missing permissions:

["access_dashboard",
 "assign_organizations",
 "create_compute_profiles",
 "create_config_groups",
 "create_external_usergroups",
 "create_filters",
 "create_organizations",
 "create_roles",
 "destroy_compute_profiles",
 "destroy_config_groups",
 "destroy_external_usergroups",
 "destroy_filters",
 "destroy_keypairs",
 "destroy_organizations",
 "destroy_roles",
 "edit_compute_profiles",
 "edit_config_groups",
 "edit_external_usergroups",
 "edit_filters",
 "edit_organizations",
 "edit_roles",
 "lock_provisioning_templates",
 "lock_ptables"]

Comment 4 Satellite Program 2017-08-02 14:16:15 UTC

Upstream bug assigned to mhulan

Comment 5 Satellite Program 2017-08-02 14:16:18 UTC

Upstream bug assigned to mhulan

Comment 6 Satellite Program 2017-08-08 10:14:52 UTC

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20483 has been resolved.

Comment 7 Kedar Bidarkar 2017-09-11 16:34:21 UTC

 "access_dashboard",    [ exists ] in miscellaneous
 "assign_organizations",      [ exists ]
 "create_compute_profiles",   [ Exists ]
 "create_config_groups",      [ exists ]
 "create_external_usergroups", [ exists ]
 "create_filters",             [ exists ]
 "create_organizations",      [ exists ]
 "create_roles",              [ exists ]
 "destroy_compute_profiles",  [ Exists ]
 "destroy_config_groups",     [ Exists ]
 "destroy_external_usergroups", [ exists ]
 "destroy_filters", [ exists ]
 "destroy_keypairs", [ exists ]
 "destroy_organizations", [ exists ]
 "destroy_roles",    [ exists ]
 "edit_compute_profiles",  [ Exists ]
 "edit_config_groups", [ Exists ]
 "edit_external_usergroups", [ exists ]
 "edit_filters", [ exists ]
 "edit_organizations", [ exists ]
 "edit_roles",  [ exists ]
 "lock_provisioning_templates", [ exists ]
 "lock_ptables" [ exists ]


VERIFIED With sat6.3.0 snap15.0

Comment 8 Satellite Program 2018-02-21 16:51:07 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> 
> For information on the advisory, and where to find the updated files, follow the link below.
> 
> If the solution does not work for you, open a new bug report.
> 
> https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.