Bug 790712 - Non admin user is able to stop instances launched by admin
Summary: Non admin user is able to stop instances launched by admin
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: CloudForms Cloud Engine
Classification: Retired
Component: aeolus-conductor
Version: 1.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: beta4
Assignee: Scott Seago
QA Contact: wes hayutin
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-15 09:03 UTC by Shveta
Modified: 2012-05-01 15:42 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-07 18:38:44 UTC

Attachments (Terms of Use)
roles (229.18 KB, image/png)
2012-02-15 09:03 UTC, Shveta 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Shveta 2012-02-15 09:03:46 UTC 
Created attachment 562171 [details]
roles

Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Created a user shveta
2. Roles granted to shveta are "Zone administrator" , "Profile admin" ,
and "application blueprint administrator"
3. Login as shveta pretty view and stop instances launched by admin and delete deployments created by admin.

Sucessful
  
Actual results:


Expected results:


Additional info:

rpm -qa|grep aeolus
aeolus-conductor-doc-0.8.0-27.el6.noarch
aeolus-conductor-daemons-0.8.0-27.el6.noarch
aeolus-configure-2.5.0-13.el6.noarch
rubygem-aeolus-cli-0.3.0-8.el6.noarch
aeolus-all-0.8.0-27.el6.noarch
aeolus-conductor-0.8.0-27.el6.noarch
rubygem-aeolus-image-0.3.0-7.el6.noarch
Comment 1 Hugh Brock 2012-02-22 18:10:59 UTC 
Also see 788148
Comment 2 Scott Seago 2012-02-28 05:42:55 UTC 
"(Global) Zone Administrator" says "user has full rights to zones, instances, deployments, and application blueprints.

Thus this is the desired behavior. Once you start adding the global admin permissions, you can no longer say that this is a "non-admin" user, since you've given the user admin rights to zones, instances, etc. Note that your 'zone administrator' will still have no rights to mess with providers, etc. as that's a different class of administration rights.

I think this should be closed as NOTABUG.
Comment 4 Hugh Brock 2012-03-07 18:38:44 UTC 
Agree with Scott, this is desired behavior. Closing as NOTABUG.
Note You need to log in before you can comment on or make changes to this bug.