Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
DescriptionAmar Huchchanavar
2018-12-27 19:42:27 UTC
1. Proposed title of this feature request
[RFE] External User Group should inherit Location and Organization preference from Roles
3. What is the nature and description of the request?
Customer would like to inherit the Location and Organization preferences from a particular Role to the External Group so that new user gets the desired loc and org preference based on the selected role.
Currently, it is possible by creating auth source under each organization and location however this is not the feasible solution if you have more than 50 orgs with single auth source. We need to create auth source under each organization.
4. Why does the customer need this? (List the business requirements here)
~~~
The present solution is very plenty of drawbacks in our case, because the ldap configuration will be the same for every organization then when we configured it at the top Organization (Any) but the role doesn't keep the location and organization automatically although we have configured it. It will be only the ldap aboresence that will be different thank to the mapping.
When we configure the affected organization with the AD groups, the role doesn't give the organization and the location as if it should be in any organization. But it seems that we need to define again in each organization weirdly...
That's the main point.
~~~
5. How would the customer like to achieve this? (List the functional requirements here)
- Assign Role to User Group [which is possible]
- However, it does not inherit the preferences(loc and org) while performing autologin.
6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
Yes
7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
No
This can be alternative solation : https://bugzilla.redhat.com/show_bug.cgi?id=1293835
8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
No
The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Red Hat Technical Support or your account team. If we do not hear from you, we will close this bug out. Thank you.
Upon review of our valid but aging backlog the Satellite Team has concluded that this Bugzilla does not meet the criteria for a resolution in the near term, and are planning to close in one month's time. If you have any concerns about this, please contact your Red Hat Account team. Thank you.
Comment 19Jean-Baptiste Dancre
2021-03-12 13:56:34 UTC
This bugzilla may be a side-effect of a bigger security/RBAC approach that is not consistent accross the Satellite in a multi-organisation deployment.
Because rights are not properly assigned based on their roles to a user, it shows explicitly that it generates security issues. Some are listed in this BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1886594
But deep down, it seems related to inconsistencies on the RBAC approach.
Those issues (this BZ or the one linked) is still occuring in Satellite 6.8, and so far nothing indicates that release 6.9 would fix anything on this matter.
So not fixing this BZ is fine, as long as some deep rework is done on the RBAC model, as currently, it looks as beeing deeply flawed.
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact your Red Hat Account Team. Thank you.