740972 – Should View Providers be implicit for Remove Providers Role?

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 740972 - Should View Providers be implicit for Remove Providers Role?

Summary: Should View Providers be implicit for Remove Providers Role?

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Security
Sub Component:
Version:	Nightly
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	Unspecified
Assignee:	Partha Aji
QA Contact:	Tazim Kolhar
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-09-24 00:25 UTC by Corey Welton
Modified:	2019-09-26 18:20 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-07-02 14:07:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Corey Welton 2011-09-24 00:25:57 UTC

Description of problem:
A user/role which grants/who has only has Remove Provider verb cannot actually see any providers in order to be able to remove any.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create a new user, "removeproviders"
2. Create a new role, "removeproviders_role"
3. Grant new permission, "removeproviders_perm" with verb "Remove Providers"
4. Login with user 'removeproviders'
5. Navigate to Content Management tab  

Actual results:
User cannot see any providers!

Expected results:
I'm not sure if this is a bug or not but it sure is awkward. Submitting for dev/uxd consideration.

Additional info:

Comment 1 Corey Welton 2011-09-24 00:31:43 UTC

FWIW, other CRUD roles - particularly, Create and Manage, both do seem to implicitly allow read access too

Comment 2 Partha Aji 2011-10-13 00:07:00 UTC

In Katello Create/Update/Remove automatically implies read.

But I am unable to reproduce this issue. Is it possible that you had "Remove" with no specific provider selected? Try selecting a specific provider for this remove provider permission and let me know if you can't read still do the read. You can also say the user can remove all providers in the permission. Either way 'Remove' will only work if you have a provider you can remove. Merely selecting the verb won't do much good. Any I am going to resolve this as ON_QA. Fail back if you are still hitting this issue.

Comment 3 Corey Welton 2011-12-16 14:03:21 UTC

I just confirmed this still happens.  User was created, and granted a (global) role with only one permission - delete providers.  However, upon logging in, user cannot see providers from the Content Management > Providers tab.

Comment 4 Corey Welton 2011-12-16 14:05:17 UTC

BTW, version (re)tested in comment #3 above:

katello-glue-foreman-0.1.145-1.git.0.57471e6.el6.noarch
katello-all-0.1.145-1.git.0.57471e6.el6.noarch
katello-httpd-ssl-key-pair-1.0-1.noarch
katello-certs-tools-1.0.1-2.el6.noarch
katello-repos-0.1.3-1.git.0.db2bd1d.el6.noarch
katello-common-0.1.145-1.git.0.57471e6.el6.noarch
katello-configure-0.1.37-1.git.11.fac6c90.el6.noarch
katello-cli-0.1.28-1.git.0.5dc3631.el6.noarch
katello-cli-common-0.1.28-1.git.0.5dc3631.el6.noarch
katello-trusted-ssl-cert-1.0-1.noarch
katello-glue-pulp-0.1.145-1.git.0.57471e6.el6.noarch
katello-glue-candlepin-0.1.145-1.git.0.57471e6.el6.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-0.1.145-1.git.0.57471e6.el6.noarch

Comment 5 Corey Welton 2011-12-16 14:07:00 UTC

Partha, please note:

"User cannot see any providers!"

As such, re: "Is it possible that you had "Remove"with no specific provider selected?" - this would be impossible. I cannot remove providers if I cannot see them in the first place.

Comment 6 Eric Helms 2013-01-22 19:17:09 UTC

This appears to be working upstream as of 909cf6dc7ea400013a06f1e3494d216ee67e5bee

Comment 7 Bryan Kearney 2014-01-21 19:07:09 UTC

Moving to Sat6 to be tracked there. Upstream bugs are moving to redmine.

Comment 10 Tazim Kolhar 2014-05-13 07:38:38 UTC

VERIFIED

Comment 11 Bryan Kearney 2014-07-02 14:07:39 UTC

This was delivered with 6.0.3, which is the Satellite 6 Beta.

Note You need to log in before you can comment on or make changes to this bug.