Red Hat Bugzilla – Bug 163544
Java Security for SDC
Last modified: 2007-04-18 13:29:30 EDT
Very similar to Actions, Servers were only using the org to decide if we could
look them up. The result is that users with no servers assigned to them can
manage servers in the SDC by typing in the appropriate url with sid.
Ken, this is going to need a testplan.
Sequester an org with at least two users and one system in which one user has
access to the server and the other user does not. Note: In order for a user to
not have access to a system, he or she must not be an org admin nor a system
group admin and must not have access to a system group that that server is in.
A user's server perms can be found in Users->Click a User->Systems.
For the user which does have permission, he or she should see the system in the
System List and should be able to view and schedule actions for the system in
System Details pages. (Systems->Systems->Click the System->Click a java link in
the middle nav (Errata, Packages))
For the user which does not have permission, go to Systems->Systems->Click a
System->modify the url so that the sid parameter equals the system id of the
inaccessible system. None of the pages (Java or Perl) should allow you to view
will qa this.
works fine, prod_ready.