Bug 1574958 - [RFE] Auto-assign role when a user is created on internal-auth or triggered by SAML logon
Summary: [RFE] Auto-assign role when a user is created on internal-auth or triggered ...
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 4.1.10
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Nobody
QA Contact: Pavel Stehlik
Depends On: 1570040 1574951 1588375
TreeView+ depends on / blocked
Reported: 2018-05-04 12:21 UTC by Juan Manuel Parrilla Madrid
Modified: 2019-05-16 13:09 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of: 1574951
Last Closed: 2018-05-11 13:13:54 UTC
oVirt Team: Infra
Target Upstream Version:

Attachments (Terms of Use)

Description Juan Manuel Parrilla Madrid 2018-05-04 12:21:22 UTC
Description of problem:

I have been working with RHEV development people, concretely with "mmartinv" to make work mod_auth_mellon with internal-auth and it works fine.

The issue comes when you login with a precreated user on the database, this one has not any role assigned, then will not see anything. 

The point of this bug is, to create a default role that has very limited permissions. All the users that has been created with "ovirt-aaa-jdbc-tool" belongs to this default group.

This bug is also related with:

- https://bugzilla.redhat.com/show_bug.cgi?id=1570040
- https://bugzilla.redhat.com/show_bug.cgi?id=1574951

Comment 1 Martin Perina 2018-05-11 13:13:54 UTC
This RFE doesn't make sense:

1. We don't want to assign admin role to all new users to be able to login into webadmin

2. We don't want to assign user role globally to all new users, because they would be able to see all VMs. Users permissions has to be assigned pre sepcific VM or pool.

Administrator need to assign role per specific object before user can login to either webadmin or VM portal.

Comment 2 Franta Kust 2019-05-16 13:09:30 UTC
BZ<2>Jira Resync

Note You need to log in before you can comment on or make changes to this bug.