Bug 717550 - Basic roles shall not be allowed to be deleted
Summary: Basic roles shall not be allowed to be deleted
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: CloudForms Cloud Engine
Classification: Retired
Component: aeolus-conductor
Version: 1.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: beta
Assignee: wes hayutin
QA Contact: wes hayutin
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-06-29 08:12 UTC by Shveta
Modified: 2012-12-04 14:53 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Permission roles could be completely removed and users could enable an application into a state where no one had administrative rights. This bug fix removes the functionality so that permission roles can no longer be deleted.
Clone Of:
Environment:
Last Closed: 2012-12-04 14:53:02 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2012:1516 0 normal SHIPPED_LIVE CloudForms Cloud Engine 1.1 update 2012-12-04 19:51:45 UTC

Description Shveta 2011-06-29 08:12:33 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. As admin --> Control panel --> Roles
2. Select all roles and delete 
3. Once all roles are deleted , admin cannot perform any operation 
like creating user etc because of insufficient privileges
"You have insufficient privileges to perform action."
  
Actual results:


Expected results:


Additional info:

rpm -qa|grep aeolus
aeolus-configure-2.0.1-0.fc14.20110628141215gitb8aaf85.noarch
aeolus-conductor-daemons-0.3.0-0.fc14.20110628135944git2a88782.noarch
aeolus-all-0.3.0-0.fc14.20110628135944git2a88782.noarch
aeolus-conductor-doc-0.3.0-0.fc14.20110628135944git2a88782.noarch
rubygem-aeolus-cli-0.0.1-1.fc14.20110628165632git0dfe3ff.noarch
aeolus-conductor-0.3.0-0.fc14.20110628135944git2a88782.noarch
Comment 1 Scott Seago 2011-07-04 02:38:31 UTC 
At the moment, the right solution here is unclear. From a back end point of view, there are no "magic roles" -- i.e. any role is allowed to be created/deleted, as it's possible that an admin will want to set up a different set of default permissions -- i.e. instead of one role that allows all admin privileges, they might want to split things up into separate roles, none of which can do _everything_.

It may be that certain roles should be identified as "non-modifiable" or "un-deletable", but would that flag also be one that couldn't be edited? Should we allow new roles but require that all "default" ones be left alone? That might make the eventual permissions UI confusing with the addition of new roles without being able to remove the defaults.
Comment 2 wes hayutin 2011-09-28 16:40:47 UTC 
making sure all the bugs are at the right version for future queries
Comment 4 wes hayutin 2012-01-10 17:10:42 UTC 
adding to ce-sprint-next
Comment 5 wes hayutin 2012-01-10 17:13:30 UTC 
adding to ce-sprint-next
Comment 6 wes hayutin 2012-01-12 16:35:17 UTC 
adding to ce-sprint
Comment 7 wes hayutin 2012-01-12 16:41:39 UTC 
removing ce-sprint-next tracker
Comment 8 Angus Thomas 2012-01-13 16:10:16 UTC 
The UI for 1.0 won't include support for editing roles, including deleting them. 

So, this is out of scope for 1.0
Comment 9 wes hayutin 2012-01-16 19:30:52 UTC 
moving to 1.1
Comment 10 wes hayutin 2012-02-22 23:46:39 UTC 
moving version to 1.0.0 .  version = found in version
Comment 11 Dave Johnson 2012-08-01 22:22:51 UTC 
roles can no longer be deleted
Comment 14 Dave Johnson 2012-09-17 21:25:44 UTC 
Roles can no longer be deleted...  good 2 go in CFCE v1.1 2012-09-14.5 puddle
Comment 16 errata-xmlrpc 2012-12-04 14:53:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-1516.html
Note You need to log in before you can comment on or make changes to this bug.