Description of problem: Non admin user without any admin role or permissions can access Admin Portal and do most of the actions only permitted to admin users. In VM portal he can see all the VMs just as an admin user does. Version-Release number of selected component (if applicable): ovirt-engine-4.4.3.3-0.19.el8ev.noarch How reproducible: Always Steps to Reproduce: 1. Have non admin user without any admin permissions or roles 2. Log in to admin portal (or VM portal) 3. Actual results: Non admin user can access admin portal and behaves like admin user in both admin portal and VM portal. Expected results: Non admin user cannot log into admin portal and does not have admin rights in VM portal. Additional info:
Are you sure that your user doesn't have any administrator role assigned on any object? And the user is not a member of any group (recursively) which has any administrator role assigned on any object?
I forgot to add that I cannot reproduce this issue on ovirt-engine-4.4.2.6-0.2.el8ev.noarch
please add OST test to check a regular user can't get into webadmin, this is not the first time it slipped through
Created attachment 1717557 [details] screenshot to comment #7
Please, move to ON_QA when the package has been provided to QE. Moving back to MODIFIED.
Steps: 1) Create a new user with the ovirt-aaa-jdbc-tool 2) Log in as admin to AdminPortal and add UserRole/PowerUserRole to the new user 3) Try to login to AdminPortal as the new user 4) Login to VM Portal and check if user behaves as an admin there 5) Create a new group and new user with the ovirt-aaa-jdbc-tool 6) Add the new user to the group 7) Log in as admin to AdminPortal and add the UserRole/PowerUserRole to the new group 3) Try to login to AdminPortal as the new user 4) Login to VM Portal and check if user behaves as an admin there Results: New user cannot login to AdminPortal and does not behave as an admin in VM Portal. Verified in: ovirt-engine-4.4.3.6-0.13.el8ev.noarch
This bugzilla is included in oVirt 4.4.3 release, published on November 10th 2020. Since the problem described in this bug report should be resolved in oVirt 4.4.3 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.