Description of problem: Even after enabling the Service Role, User not able to order the catalog and it throws Version-Release number of selected component (if applicable): 5.9.0 How reproducible: Always Steps to Reproduce: 1. Go to Access Control, Create a role named "service_role" with below roles should be enabled i.e. Compute and Services. 2. Create a user i.e. "service_user" based on this "service_role" 3. Login with service_user and while ordering the catalog, it is throwing 403 Forbidden exception. Actual results: [----] E, [2018-02-16T06:22:32.979134 #1964:4db8c70] ERROR -- : MIQ(Api::ServiceDialogsController.api_error) API Error [----] E, [2018-02-16T06:22:32.979219 #1964:4db8c70] ERROR -- : MIQ(Api::ServiceDialogsController.api_error) Api::ForbiddenError: Use of the read action is forbidden [----] I, [2018-02-16T06:22:32.979768 #1964:4db8c70] INFO -- : MIQ(Api::ServiceDialogsController.log_request) Response: {:completed_at=>"2018-02-16 11:22:32 UTC", :size=>"0.108 KBytes", :time_taken=>"0.017 Seconds", :status=>403} Expected results: It should be able to order the service. Additional info: As a workaround, if we enable the automate privilege to the service_user then he is able to order the service.
https://github.com/ManageIQ/manageiq-api/pull/343
New commit detected on ManageIQ/manageiq-api/master: https://github.com/ManageIQ/manageiq-api/commit/2033b1440b729f5a91cd0749f6cded4d8c416b47 commit 2033b1440b729f5a91cd0749f6cded4d8c416b47 Author: Jillian Tullo <jtullo> AuthorDate: Thu Mar 8 11:09:33 2018 -0500 Commit: Jillian Tullo <jtullo> CommitDate: Thu Mar 8 11:09:33 2018 -0500 Add svc_catalog_provision product feature to service dialog queries Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1546944 config/api.yml | 12 +- spec/requests/service_dialogs_spec.rb | 16 + 2 files changed, 25 insertions(+), 3 deletions(-)
*** Bug 1563146 has been marked as a duplicate of this bug. ***
Verified with 5.10.0.19.