Description of problem:
A user is assigned the role of Host Admin, kinits, and goes to the UI. This user cannot perform any Hosts-related actions.
Same is true with any other role as well.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add a user
2. Add a new Role - Host Admins, enroll the user added above
3. Edit this role, to enroll "Host Administrators" as a privilege
4. kinit as the user
5. Go to the UI
Actual results:
There is no Host tab
Expected results:
Host tab is available for this user to allow adding/editing hosts
verified on rhel6.2 i386
[yi@i386a(101) ~] rpm -qi ipa-server
Name : ipa-server Relocations: (not relocatable)
Version : 2.1.3 Vendor: Red Hat, Inc.
Release : 2.el6 Build Date: Tue 18 Oct 2011 11:12:34 AM PDT
Install Date: Thu 20 Oct 2011 10:39:05 AM PDT Build Host: x86-002.build.bos.redhat.com
Group : System Environment/Base Source RPM: ipa-2.1.3-2.el6.src.rpm
Size : 3355311 License: GPLv3+
Signature : (none)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL : http://www.freeipa.org/
Summary : The IPA authentication server
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If you are installing an IPA server you need
to install this package (in other words, most people should NOT install
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
Cause: The Web UI does not take into account when a non-admin user is a member of an administrative role and thus has more privileges than just self-service actions.
Consequence: A user with an administrative role (e.g. a Host Admin) is not allowed to access the related administrative Web UI section (e.g. the Hosts tab).
Fix: Show the full administrative tabset for users with a role.
Result: Users with an administrative role can access the respective sections and proceed with allowed actions.
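The tabset decision described in the Cause and Fix lines above, sketched as an added example (this is not FreeIPA source code and was not part of the bug report). The attribute names `memberof_group`, `memberof_role` and `memberofindirect_role`, the `admins` group name, and the function names are assumptions made for illustration.

```javascript
// Added illustration, not FreeIPA code. Attribute and function names are
// hypothetical; they model the membership attributes of the logged-in entry.
const ADMIN_GROUP = 'admins'; // assumed name of the administrators group

// Membership attributes may be absent, a single string, or an array.
function asList(value) {
  if (value === undefined || value === null) return [];
  return Array.isArray(value) ? value : [value];
}

// Behaviour described under "Cause": only admin-group members get the
// administrative tabs, so a role member falls through to self-service.
function selectTabsetBefore(whoami) {
  return asList(whoami.memberof_group).includes(ADMIN_GROUP)
    ? 'admin'
    : 'self-service';
}

// Behaviour described under "Fix": any role membership, direct or
// inherited through a group, selects the full administrative tabset.
function selectTabsetAfter(whoami) {
  if (asList(whoami.memberof_group).includes(ADMIN_GROUP)) return 'admin';
  const roles = [
    ...asList(whoami.memberof_role),
    ...asList(whoami.memberofindirect_role),
  ];
  return roles.length > 0 ? 'admin' : 'self-service';
}

// Constructed sample entries (not taken from the bug report).
const hostAdmin = { uid: 'hostadmin1', memberof_group: ['ipausers'], memberof_role: ['Host Admins'] };
const plainUser = { uid: 'user1', memberof_group: ['ipausers'] };
const viaGroup = { uid: 'user2', memberof_group: 'helpdesk', memberofindirect_role: ['Host Admins'] };
const admin = { uid: 'admin', memberof_group: ['admins', 'ipausers'] };

for (const u of [hostAdmin, plainUser, viaGroup, admin]) {
  console.log(u.uid, selectTabsetBefore(u), '->', selectTabsetAfter(u));
}
```

The function only chooses which tabs are drawn; whether a given action succeeds is still decided by the server when the request is made.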
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.