1507029 – User unable to login to SSUI when role is EvmRole-user_self_service or EvmRole-user_limited_self_service

Bug 1507029 - User unable to login to SSUI when role is EvmRole-user_self_service or EvmRole-user_limited_self_service

Summary: User unable to login to SSUI when role is EvmRole-user_self_service or EvmRol...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	UI - Service
Sub Component:
Version:	5.9.0
Hardware:	All
OS:	All
Priority:	high
Severity:	high
Target Milestone:	GA
Target Release:	5.10.0
Assignee:	Allen W
QA Contact:	Dave Johnson
Docs Contact:
URL:
Whiteboard:	ssui:rbac
Duplicates (1):	1465642 (view as bug list)
Depends On:
Blocks:	1468295 1514189
TreeView+	depends on / blocked

Reported:	2017-10-27 13:01 UTC by Landon LaSmith
Modified:	2020-09-10 11:22 UTC (History)
CC List:	12 users (show)
Fixed In Version:	5.10.0.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1514189 (view as bug list)
Environment:
Last Closed:	2018-06-21 20:39:55 UTC
Category:	---
Cloudforms Team:	---
Target Upstream Version:
Embargoed:
Flags:	llasmith: automate_bug+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1465642	0	high	CLOSED	Non-admin users unable to see Catalog Items in SUI	2021-02-22 00:41:40 UTC

Internal Links: 1465642

Description Landon LaSmith 2017-10-27 13:01:59 UTC

Description of problem: A user assigned to the roles EvmRole-user_self_service or EvmRole-user_limited_self_service is unable to login to the SSUI.


Version: 5.9.0.4.20171024163837_ef71ea6

How reproducible: 100%


Steps to Reproduce:
1. Create a new user and assign it to a default group for self service:
   EvmGroup-user_self_service -> EvmRole-user_self_service
           --AND/OR--
   EvmGroup-user_limited_self_service -> EvmRole-user_limited_self_service   
2. Attempt to login to the appliance via the SSUI

Actual results: Login fails with "Error! You do not have permission to view the Service UI. Contact your administrator to update your group permissions."

Expected results: Login to SSUI successful


Additional info: Copying either role, adding permissions under "Service UI" and assigning the user to it will allow a successful login

Comment 2 Allen W 2017-10-27 13:25:32 UTC

Hi Landon!  Great catch! Yeah both of those roles need to be rewritten based on product features under the Service UI tree.  A while back it was decided that if a user doesn't have any valid SUI product features, then they would not be allowed to log in. So what we have to do now is find who writes the roles and get em to adapt them to the new SUI branch of the product feature tree

Comment 5 Allen W 2017-10-27 17:29:37 UTC

https://github.com/ManageIQ/manageiq/pull/16329

OK well lets see if this sticks...

Comment 6 Yuri Rudman 2017-10-31 19:47:35 UTC

*** Bug 1465642 has been marked as a duplicate of this bug. ***

Comment 28 Allen W 2017-11-14 16:15:54 UTC

PR is IN!!!!

Note You need to log in before you can comment on or make changes to this bug.