Description of problem: Tried to access group alert definition by a non-admin user(LDAP user) without alert privileges. Navigating to the group alert definition tab displays exception in server log and a message 'Failed to fetch alert definition data' in UI. Please find attached the server log Version-Release number of selected component (if applicable): Build#466 (Version: 4.1.0-SNAPSHOT Build Number: 092d688) LDAP Details: Active Directory Server (Windows Server 2003 R2) URL: ldap://10.65.201.130:636 Search Base: dc=pnq,dc=redhat,dc=com Username: cn=Administrator,cn=users,dc=pnq,dc=redhat,dc=com Password: redhat Search Filter: objectclass=* Login Property: cn Group Search Filter: objectclass=group Group Member Filter: member LDAP Username/password: suniltestad/Redhat123 ( Is a member of LDAP group: sunilgroupad ) How reproducible: Always Steps to Reproduce: 1. Create a LDAP group (Ex: sunilgroupad ) 2. Create a LDAP user (suniltestad) 3. Add the LDAP user to the LDAP group 4. Login to rhq as rhqadmin 5. Create a compatible group of resource like RHQ Agent 6. Define an alert for the compatible group (Ex: Operation execution - Execute 7. the operation so that alert get fired) 8. Create a role (Assign the compatible group created and map to an LDAP group( sunilgroupad ) while creating the role) 9. Login to RHQ as LDAP user(suniltestad) 10. Navigate to Inventory->Compatible groups 11. Click on the compatible group name 12. Click on Alerts tab 13. Click on 'Definitions' sub tab Actual results: It displays exception in server log and a message 'Failed to fetch alert definition data' in UI. Expected results: No exception should be displayed Additional info:
Created attachment 526453 [details] ServerLog
This is also reproducible with a non-admin user with alert permissions (Non admin user can be LDAP user or RHQ user with alert permissions.) Steps: 1. Login to rhq as rhqadmin. 2. Create a compatible group of resource like RHQ Agent. 3. Define an alert for the compatible group (Ex: Operation execution - Execute the operation so that alert get fired) 4. Create a RHQ user. 5. Create a role selecting only 'Manage Alerts' read and write permissions for 'Resource Permissions'. Add the compatible group and user created to the role. 6. Login to RHQ as the user. 7. Navigate to Inventory->Compatible groups. 8. Click on the compatible group name. 9. Click on Alerts tab. 10. Click on 'Definitions' sub tab.
goal should be you are not presented with options that you are not able to do. still ... user cannot perform the activity.