Red Hat Bugzilla – Bug 697855
Reports->Configuration History: User without configure read permissions can view a config history of a resource in reports
Last modified: 2011-10-04 15:27:44 EDT
Description of problem:
User without configure read permissions can view a config history of a resource in Reports->Configuration History page.
Version-Release number of selected component (if applicable):
build#1144 (Version: 4.0.0-SNAPSHOT Build Number: 50f58a4)
Steps to Reproduce:
1. Login to RHQ as rhqadmin.
2. Create a user and a compatible group of resorces (Ex: RHQ Agent).
3. Create a role with no permissions.
4. Assign the resource group and the user created to the role.
5. Logout and login as the user created above( with no permissions)
6. Navigate to Reports->Configuration History.
The Reports->Configuration History displays the config history rows for the resource(RHQ Agent)
User without configure read permissions should not be able to view config history of a resource.
When the same user (without configure read permissions) navigates to the individual resource, the 'Configuration' tab is disabled as expected.
This issue was already solved. Marking as duplicate.
*** This bug has been marked as a duplicate of bug 696648 ***