Bug 1497881 - user accounts which have been deleted can still be added to groups, given systems and loans
Summary: user accounts which have been deleted can still be added to groups, given sys...
Alias: None
Product: Beaker
Classification: Community
Component: general
Version: 24
Hardware: Unspecified
OS: Unspecified
unspecified vote
Target Milestone: 24.5
Assignee: Dan Callaghan
QA Contact: Anwesha Chatterjee
Depends On:
TreeView+ depends on / blocked
Reported: 2017-10-03 01:09 UTC by Dan Callaghan
Modified: 2017-10-27 06:47 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-10-27 06:47:26 UTC

Attachments (Terms of Use)

Description Dan Callaghan 2017-10-03 01:09:16 UTC
When a user account is "deleted" / removed, we make sure that Beaker also cleans up any resources belonging to that account. The account can no longer log in or submit jobs, however there is currently nothing stopping somebody *else* from giving resources to the account after it is removed.

Specifically it should not be possible to:
* loan a system to a removed account
* change a system's owner to be a removed account
* add a removed account to a group
* add a removed account to a system access policy
because these are all the things that get cleaned up as part of the removal process, so we expect them to stay that way afterwards.

Comment 1 Dan Callaghan 2017-10-06 07:07:22 UTC
https://gerrit.beaker-project.org/5864 disallow lending systems to deleted users
https://gerrit.beaker-project.org/5865 disallow giving systems to deleted users
https://gerrit.beaker-project.org/5866 disallow adding deleted users to groups
https://gerrit.beaker-project.org/5867 disallow adding deleted users to access policies

Comment 3 Anwesha Chatterjee 2017-10-23 04:27:30 UTC
Verified that deleted user cannot be  
* loaned to a system
* a system's owner 
* added to a group
* added to a system access policy

Comment 4 Dan Callaghan 2017-10-27 06:47:26 UTC
Beaker 24.5 has been released.

Note You need to log in before you can comment on or make changes to this bug.