Description of problem:
Version-Release number of selected component (if applicable):
katello-0.1.112-1.git.5.4e00e02.el6.x86_64
How reproducible:
Steps to Reproduce:
1. Create a user and role
2. Add the permission Global/Organization/Create to the role
3. Add the user to the role
4. Log out, log in as the new user
5. Create an org (success)
6. Delete an org
Actual results:
Can delete orgs, even ones the user didn't create
Expected results:
User cannot delete orgs, he does not have the permission.
Additional info:
This may happen with other entity types, haven't tested yet. Will comment here if there are other problems.
Giving Global/Orgs/RegisterSystems also allows removing systems.
After discussing with partha, rephrasing the summary to match the true nature of the problem - the verbs are not intuitively named.
<parthovsky> no you can edit also
<parthovsky> jweiss: create implies you get to do everything
<jweiss> so... what is the difference between create and manage
<parthovsky> manage is just edit [14:12]
<parthovsky> create = create + edit + read + delete
<jweiss> oh
<jweiss> ok, i think we're going to have to fix that terminology
<jweiss> that's not very intuitive
<parthovsky> yes
<parthovsky> that's a better bug
<jweiss> to me "Manage" sounds like admin privs
<parthovsky> ah
<parthovsky> jweiss: I think jrist complained about that .. I've just been slacking [14:13]
<parthovsky> hehe
<jweiss> so i suggest for all CRUD: "Manage".
<jweiss> for just edit: "Edit"
<parthovsky> hm that sounds better actually [14:14]
<parthovsky> jrist: jsherrill: what da ya think
<parthovsky> :)
<parthovsky> mccun934: ^
<jsherrill> i like it
<jsherrill> or maybe "Create and Manage"
<jrist> yeah, it'd be fine if it were consistent, and understandable
<jsherrill> just to differentiate from edit [14:15]
<jweiss> what's currently called "Create" is full privileges right?
<jweiss> we just need a word for that. "Administer"?
<jweiss> or "Full control" [14:16]
<jweiss> but "Create" is definitely not right
<mccun934> parthovsky: yeah, we need to change the terms
<mccun934> definitely confusing
<parthovsky> jsherrill: sadly we never managed to do the "description" part of the perms [14:17]
<jsherrill> parthovsky: yeah, that would help
<parthovsky> jrist: did you have any ideas about that [14:18]
<parthovsky> mccun934: thinking of adding some sprint tasks this sprint on perms
<parthovsky> may be 6 hrs :)
<mccun934> parthovsky: that is fine, just do it at the end of the sprint [14:19]
<jweiss> here's my suggestions: CRUD: Administer, C/R/U/D = those words - IOW change "Access" to "Read"
<mccun934> Administer makes sense
<parthovsky> jweiss: and edit is just edit right [14:21]
<jweiss> "Access" to me is ambiguous - doesn't necessarily mean read only
<jweiss> parthovsky: yeah, i guess, "Update" would work too [14:22]
<jweiss> as for create, i suppose that verbs like "Register" in specific cases like systems also is fine
<jweiss> parthovsky: i'll update the bz
Should be fixed as of http://git.fedorahosted.org/git/?p=katello.git;a=commit;h=037e109349abf6189494de6431d3aeb333ab8a6d
mass ON_QA move
Permission verbs are named better now, still not perfect but opened separate bug https://bugzilla.redhat.com/show_bug.cgi?id=773761
Verified, katello-0.1.229-1.git.0.f2ad9e2.el6.noarch