1) Have an instance with multiple orgs, and environments 2) As an admin Create a Role X 3) Give X permissions to read an Org OX, and permissions to read users. 4) Create a user UX and assign him role X 5) Login as user UX 6) Administration->Users -> UX-> Environments (on right tab) 7) See the list of available organizations under Default Organizations dropdown, Actual results: Org OX shows up in the list, even though user UX can't give himself the right to register systems in any environment in Org OX. Expected results: Org OX should not appear on the list. In fact no orgs should show up in that list. Rules of engagement with respect to default environments Administrator -> Admin User Being Modified -> X Page -> Administration->Users -> X-> Environments 1) Admin with "create/modify users" perm should be able to see all the Organizations and Environments in drop down and update user X's orgs & environments. 2) Admin with only "read users" perm should not be edit/update orgs/environments of user X. The only exception to this rule is case where Admin = X, i.e. Admin is editing himself. In this case the Admin should be only able to see orgs & environments that Admin himself can register systems to. 3) X editing himself via top right-> <username>-> environments. In this case X should be only able to see orgs & environments that X himself can register systems to.
should be fixed as of http://git.fedorahosted.org/git/?p=katello.git;a=commit;h=95624038c590c34897b5aaeb83fc2100b207da6f
mass ON_QA move
QA Verified.