Red Hat Bugzilla – Bug 796437
Users with super user role cannot view other users
Last modified: 2013-08-31 06:15:45 EDT
Description of problem:
As a user in the super user role, e.g., rhqadmin, I cannot view other users in the users view. I came across this in master.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Log in as rhqadmin (or another user in the super user role).
2. Create a new user, and do not assign the user to the super user role.
3. After the user is created you are sent to the users view, but you will not see the user even if you click the refresh button in the footer.
I assigned the new user to a new role, and when I (as rhqadmin) go to view that role and click on the users tab, I do see the user listed. I can log in as the new user as well. The new user can the see the list of users as expected. This problem appears to be specific to users in the super user role.
It appears that this may be related to bug 786159. CCing Ian Springer so he can take a look at this.
Fixed in master:
We now make sure superusers, or users w/ MANAGE_SECURITY, can view other users, even if they don't have VIEW_USERS.
1) Verify that rhqadmin can view all other users.
2) Verify that another user added to the Superuser role can view all users.
3) Create a role that has MANAGE_SECURITY, but does *not* have VIEW_USERS. Add a user to that role. Verify that user can view all other users.
4) Create a role that has VIEW_USERS, but does *not* have MANAGE_SECURITY. Add a user to that role. Verify that user can view all other users.
5) Create a role with no permissions. Add a user to that role. Verify that user can *not* view any other users.
6) Create a user with no roles. Verify that user can *not* view any other users.
Verified on the Build:
Build Number: 5ffafd2
GWT Version: 2.4.0
SmartGWT Version: 3.0
OS: RHEL 6.1 X86_64
Browser: Firefox ESR 10.0.3
Followed the steps on Comment 3. Unable to execute the step #3, because "View Users permission cannot be deselected, unless the Manage Security permission, which implies all other permissions, is deselected first."
Bulk close of old bugs in VERIFIED state.