Bug 163544 - Java Security for SDC
Java Security for SDC
Product: Red Hat Network
Classification: Red Hat
Component: RHN/R&D (Show other bugs)
RHN Devel
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ken Ganong
Mike McCune
Depends On:
Blocks: 147875
  Show dependency treegraph
Reported: 2005-07-18 15:01 EDT by Ken Ganong
Modified: 2007-04-18 13:29 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHN 4.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-31 23:07:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ken Ganong 2005-07-18 15:01:17 EDT
Very similar to Actions, Servers were only using the org to decide if we could
look them up.  The result is that users with no servers assigned to them can
manage servers in the SDC by typing in the appropriate url with sid.
Comment 1 Mike McCune 2005-07-22 17:18:53 EDT
Ken, this is going to need a testplan.
Comment 2 Ken Ganong 2005-07-25 09:24:50 EDT
Sequester an org with at least two users and one system in which one user has
access to the server and the other user does not.  Note:  In order for a user to
not have access to a system, he or she must not be an org admin nor a system
group admin and must not have access to a system group that that server is in. 
A user's server perms can be found in Users->Click a User->Systems.

For the user which does have permission, he or she should see the system in the
System List and should be able to view and schedule actions for the system in
System Details pages.  (Systems->Systems->Click the System->Click a java link in
the middle nav (Errata, Packages))

For the user which does not have permission, go to Systems->Systems->Click a
System->modify the url so that the sid parameter equals the system id of the
inaccessible system.  None of the pages (Java or Perl) should allow you to view
the system.
Comment 3 Mike McCune 2005-07-29 19:42:00 EDT
will qa this.
Comment 4 Mike McCune 2005-07-29 21:20:30 EDT
works fine, prod_ready.

Note You need to log in before you can comment on or make changes to this bug.