Description of problem: LDAP: ldap user should be given the least privileges of the two roles to which he belongs. Version-Release number of selected component (if applicable): 3.0.0-SNAPSHOT How reproducible: Steps to Reproduce: 1. Make ldap user (Ex: user3) member of two different groups say 'Test1' and 'Test2' in ldap. 2. The two different groups are mapped to two different roles in rhq. ( Group 'Test1' is mapped to role 'All Resources' and group 'Test2' is mapped to a role say 'Role2' having least privileges. 3. Login as ldap user (Ex: user3) into rhq. 4. Check the user role privileges after login. Actual results: User is not given least privileges of the two roles to which he belongs. ( User is given privileges of role 'All Resources') Expected results: User should be given the least privileges of the two roles to which he belongs. (Should be given 'Role2' privileges) Additional info:
I think we should carry on with the same behaviour as we have currently in RHQ. This can be tested without using LDAP at all, just assign a user to two RHQ roles and see which privileges they get. I think it will probably end up with the superset of privileges, which has proved fine thus far.
Verified as suggested in rhq against the maser build#153. If a user is assigned two different roles having different privileges in rhq, he gets the higher privileges of two roles.
Mass-closure of verified bugs against JON.