Created attachment 1479488 [details] excerpt from production.log Description of problem: The tenant administrator can't navigate to Groups. When clicked, internal error appears. Similar issue for super administrator is described in bz 1593171. That is now fixed and works as expected. Version-Release number of selected component (if applicable): 5.10.0.12 How reproducible: Always Steps to Reproduce: 1. Create a tenant administrator user with: Group: EvmGroup-tenant_administrator Role: EvmRole-tenant_administrator 2. Login with this user 3. Navigate to Configuration; Access Control -> Groups 4. Internal error appears Actual results: Can't navigate to Groups; Internal error appears Expected results: Can navigate to Groups Additional info: This worked in 5.9.4 - marking as regression. See also log excerpt from production.log.
Hi Antonin, do you have the error and backtrace from the log or a set of logs that we can look at?
Looks like groups, user_roles, and users have this same bug. Very close to having a fix
https://github.com/ManageIQ/manageiq/pull/17930
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/9a9b5ddc47ff8baae49ed1a7cba37732d609df11 commit 9a9b5ddc47ff8baae49ed1a7cba37732d609df11 Author: Keenan Brock <keenan> AuthorDate: Thu Aug 30 14:18:21 2018 -0400 Commit: Keenan Brock <keenan> CommitDate: Thu Aug 30 14:18:21 2018 -0400 fix: with_role_excluding has bad subquery Rbac.filtered/search uses this method to filter by tenant admin Unfortunately, the subquery was using the select from the main query and producing bad queries It is now properly isolating the queries and tests have been added to protect against regressions https://bugzilla.redhat.com/show_bug.cgi?id=1623464 app/models/miq_group.rb | 2 +- app/models/miq_user_role.rb | 2 +- app/models/user.rb | 4 +- spec/lib/rbac/filterer_spec.rb | 6 +- spec/models/miq_group_spec.rb | 10 + spec/models/miq_user_role_spec.rb | 10 + spec/models/user_spec.rb | 24 + 7 files changed, 51 insertions(+), 7 deletions(-)
this is on master you should be good to go
Verified with 5.10.0.15.