Bug 1637552 - Roles with SUI privileges can't access Services, Orders in SUI in empty appliance
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: API
Version: 5.9.5
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: GA
Target Release: 5.10.0
Assignee: Joe Vlcek
QA Contact: Antonin Pagac
URL:
Whiteboard:
Depends On:
Blocks: 1649033
Reported: 2018-10-09 13:19 UTC by Antonin Pagac
Modified: 2019-02-12 16:53 UTC

Fixed In Version: 5.10.0.24
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1649033 (view as bug list)
Environment:
Last Closed: 2019-02-12 16:53:11 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:
Embargoed:



Description Antonin Pagac 2018-10-09 13:19:34 UTC
Description of problem:
This concerns only an empty appliance. If there are data to be displayed for a particular user, it seems to be working fine.
After clicking on My Services or My Orders there are error messages displayed in the UI:

"There was an error loading the services. Use of the read action is forbidden"
"There was an error loading orders."

I can't see any relevant message in evm.log.

From production.log:
"INFO -- : Completed 403 Forbidden in 22ms (Views: 0.3ms | ActiveRecord: 3.1ms)"

The affected roles seem to be all excluding these:
EvmRole-container_operator
EvmRole-consumption_administrator
EvmRole-super_administrator
EvmRole-user_self_service
EvmRole-user_limited_self_service

Version-Release number of selected component (if applicable):
5.9.5.0
Happens also in 5.10.0.18

How reproducible:
Always

Steps to Reproduce:
1. Have fresh (empty) appliance
2. Create a user and assign to a group with a role with SUI access
3. Log in to SUI as the new user
4. Try to click around in the SUI

Actual results:
User can log in but errors appear when clicking on My Services, My Orders

Expected results:
User can't log in to SUI OR empty page should be visible for the user without errors

Additional info:
In 5.8, these roles can't even log in to SUI.

Comment 13 CFME Bot 2018-11-09 17:13:31 UTC
New commit detected on ManageIQ/manageiq-api/master:

https://github.com/ManageIQ/manageiq-api/commit/e248678315d71448d7fa8fdc086d091646dacbdb
commit e248678315d71448d7fa8fdc086d091646dacbdb
Author:     Joe VLcek <jvlcek>
AuthorDate: Thu Oct 25 13:55:45 2018 -0400
Commit:     Joe VLcek <jvlcek>
CommitDate: Thu Oct 25 13:55:45 2018 -0400

    Add support for sui product features

    https://bugzilla.redhat.com/show_bug.cgi?id=1637552

 config/api.yml | 400 +-
 spec/lib/api/api_config_spec.rb | 46 +-
 2 files changed, 331 insertions(+), 115 deletions(-)

Comment 14 CFME Bot 2018-11-12 16:06:00 UTC
New commit detected on ManageIQ/manageiq/hammer:

https://github.com/ManageIQ/manageiq/commit/c6f7240339acc1ab58742ed247e1299ff45d83ec
commit c6f7240339acc1ab58742ed247e1299ff45d83ec
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Fri Nov  9 10:10:14 2018 -0500
Commit:     Gregg Tanzillo <gtanzill>
CommitDate: Fri Nov  9 10:10:14 2018 -0500

    Merge pull request #18175 from chalettu/sui-permissions-update

    Added metrics and tag permissions to SUI permission tree

    (cherry picked from commit a6d4569c7193cd117a072267a50606df43edb9da)

    https://bugzilla.redhat.com/show_bug.cgi?id=1637552

 db/fixtures/miq_product_features.yml | 8 +
 1 file changed, 8 insertions(+)

Comment 15 CFME Bot 2018-11-12 16:09:46 UTC
New commit detected on ManageIQ/manageiq-api/hammer:

https://github.com/ManageIQ/manageiq-api/commit/b1591eda3bffd89c5bea7da209550a7dc438f0f4
commit b1591eda3bffd89c5bea7da209550a7dc438f0f4
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Fri Nov  9 12:09:19 2018 -0500
Commit:     Gregg Tanzillo <gtanzill>
CommitDate: Fri Nov  9 12:09:19 2018 -0500

    Merge pull request #501 from jvlcek/bz_1637552_apiyml

    Add support for sui product features

    (cherry picked from commit b7c13ca93d66f44eaf3a6b77ee9ffce046589246)

    https://bugzilla.redhat.com/show_bug.cgi?id=1637552

 config/api.yml | 394 +-
 spec/lib/api/api_config_spec.rb | 46 +-
 2 files changed, 325 insertions(+), 115 deletions(-)

Comment 17 Antonin Pagac 2019-01-11 14:05:29 UTC
Verified with 5.10.0.31.

