Description of problem: In CloudForms 4.6 (both GA & errata release 1), when I create a group that is using a role that has VM access restrictions set to anything other than "none", users of the group cannot see any catalog items. Applying a tag to the group's filtering, and then applying the same tag to the catalog item does not make it visible, as it as in previous versions of CloudForms
Version-Release number of selected component (if applicable): GA & errata 1
How reproducible: Always
Steps to Reproduce:
1. Create group assigned to a role with VM access restriction set to "Only User Owned" or "Only User or Group Owned".
2. Set a filtering tag for the group under "This user is limited to items with the selected tags."
3. Assign that same tag to a catalog item.
Actual results: Catalog item should be visible to users of this group
Expected results: Catalog item is not visible to users of the group
Additional info: Have obserbed this in 3 different environments so far - one upgrade from 4.5 (where it previously worked) to 4.6 GA, and one new deployment of 4.6 GA and 4.6 errata 1 each.
Changing component to Appliance to review as it appears to be an RBAC issue.
VERIFIED in 126.96.36.199. A restricted user (ownership and tagging) can see catalog items that are not user/group owned when they both have the same tag