Bug 1479583 - EvmRole-auditor can perform actions on VM
EvmRole-auditor can perform actions on VM
Status: ON_DEV
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS (Show other bugs)
5.8.0
Unspecified Unspecified
high Severity high
: GA
: cfme-future
Assigned To: Martin Povolny
Dave Johnson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-08 17:35 EDT by George Field
Modified: 2017-11-04 10:32 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: Bug
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core


Attachments (Terms of Use)

  None (edit)
Description George Field 2017-08-08 17:35:26 EDT
Description of problem:
According to Redhat doc, role EvmRole-auditor should have no permission on perform any actions on VMs. However, users having that role are able to poweron/poweroff VMs

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create a user and assign role EvmRole-auditor
2.Login with the user
3.Go to any VM and click on the Power button, all actions are visible and can be performed.

Actual results:
User is able to poweron/poweroff VMs

Expected results:
User shouldn't even be able to see the power button or actions should be disabled

Additional info:
EvmRole-security has the same problem.
Comment 3 Martin Povolny 2017-10-31 16:15:39 EDT
> According to Redhat doc

Can you give me a link to that doc, please?
Comment 6 Martin Povolny 2017-11-04 08:04:19 EDT
As a workaround you can copy the pre-defined Auditor role to a new role, fix the permissions under the new role and assign the new role in place of the pre-defined role.

I am working on a fix here: https://github.com/ManageIQ/manageiq/pull/16394
Comment 7 George Field 2017-11-04 10:32:29 EDT
Hi Martin,
Thank you very much for working on the fix.
CloudForms is the best in its kind and I am very happy to see it's getting better and better because of you guys. Awesome!
Regards,
George Field

Note You need to log in before you can comment on or make changes to this bug.