Bug 1804060 - Parent admin user should not be deleted after impersonation session [NEEDINFO]
Summary: Parent admin user should not be deleted after impersonation session
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Users & Roles
Version: 6.7.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: 6.7.0
Assignee: satellite6-bugs
QA Contact: tstrych
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-02-18 06:35 UTC by dgupte
Modified: 2020-04-14 13:28 UTC (History)
3 users (show)

Fixed In Version: foreman-1.24.1.8-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-14 13:28:43 UTC
Target Upstream Version:
egolov: needinfo? (satellite6-bugs)


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 28867 Normal Closed As impersonated user, it is possible to delete impersonating user 2020-03-09 11:30:11 UTC
Red Hat Product Errata RHSA-2020:1454 None None None 2020-04-14 13:28:53 UTC

Description dgupte 2020-02-18 06:35:48 UTC
Description of problem:
>>
Parent admin user should not be deleted after impersonation session.

Version-Release number of selected component (if applicable):
6.7-beta

Steps to Reproduce:

1) Login with Admin user
2) Create one user with Administrator privileges ex. "satadmin"
3) Click on "Impersonate" from Administer >> Users >> satadmin >> 
4) Go to users tab and try to delete the parent admin user 

Note:- As Impersonate session is on, the parent admin user should not get removed.

Comment 6 tstrych 2020-03-09 11:57:14 UTC
Verified.

I followed the steps from Description.

I also tried this:
1. Third admin user, ex. "newadmin"
2. I logged as "newadmin" and I tried to impersonate the other two users - in my case "admin" and "satadmin". 
In both cases there was missing button for deletion of the parent admin user, in my case for "newadmin". That's correct.

I was unable to delete parent admin.

Comment 10 errata-xmlrpc 2020-04-14 13:28:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454


Note You need to log in before you can comment on or make changes to this bug.