Hide Forgot
Description of problem: In Administration->Users->Everyone can add system permissions When you try to remove the permission the operation is cancelled with the message Error while executing action: It's not allowed to remove system permissions assigned to built-in Everyone group Version-Release number of selected component (if applicable): 4.2 up to the latest version 4.2.7.1 How reproducible: Always Steps to Reproduce: 1. add system permission to group everyone 2. remove same permission Actual results: Can't remove permission Expected results: Either don't allow system permission to be added or allow it to be removed Additional info: It looks like the only way to remove the permission is to delete it from the engine database
We have disable the ability to remove permissions from Eveyrone, because administrators performed too many mistakes, which ended in unrecoverable corrupted engine permissions. So it makes sense also to disable adding permissions to Everyone to prevent confusion. If administrators wants to assign permissions to all users, then it makes sense to create a group, where all users belongs, and assign a relevant system permission to this group.
By mistake I have added a VnicProfileUser to Everyone which I don't want, is there any way, other than modifying the database, to delete it? I wouldn't want to alter the database in any way manually.
Base on comment #1 updating the title of the BZ. The remove permissions button should be disabled on the Everyone permissions page. Leaving the ability to add permissions for Everyone so as to avoid breaking any customer user cases
Verified: 4.3.2-0.1.el7
This bugzilla is included in oVirt 4.3.2 release, published on March 19th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.2 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.