Bug 800511 - Revise global roles and default user permissions
Revise global roles and default user permissions
Status: CLOSED ERRATA
Product: CloudForms Cloud Engine
Classification: Red Hat
Component: aeolus-conductor (Show other bugs)
1.0.0
Unspecified Unspecified
unspecified Severity unspecified
: beta5
: ---
Assigned To: Scott Seago
pushpesh sharma
: Triaged
: 798120 (view as bug list)
Depends On:
Blocks: 788465
  Show dependency treegraph
 
Reported: 2012-03-06 10:53 EST by Scott Seago
Modified: 2014-08-04 18:30 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-15 18:48:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Scott Seago 2012-03-06 10:53:10 EST
Description of problem:

We've got some unnecessary global roles, a couple that need combining, and we should remove most of the default user permission assignments

Delete the following roles:
  Global Provider Creator
  Global Pool Creator

Combine the following roles into Global Pool User:
  Global Deployable User
  Global Catalog User
  Global Pool User

Remove the all default permission assignments for new users except for 'Global HWP User' (admins will assign users to appropriate environments and pools):
Comment 1 Scott Seago 2012-03-06 11:23:23 EST
One modification. For now we're sticking with the Pool User role on the 'Default' Pool -- and _adding_ 'Pool Family User' on the default pool family for new users.
Comment 2 Scott Seago 2012-03-07 00:58:27 EST
Patch on-list here: https://fedorahosted.org/pipermail/aeolus-devel/2012-March/009446.html

minor change to overrides/en.yml for internal repo as well (removal of obsolete entries)
Comment 3 wes hayutin 2012-03-08 10:06:45 EST
*** Bug 798120 has been marked as a duplicate of this bug. ***
Comment 5 Scott Seago 2012-03-12 13:25:40 EDT
patch posted to master at: d3eb97aa67b753a6953427ddb94902f46034ba6c

bug is MODIFIED but the internal patch isn't yet pushed (depends on the external one being moved over first)
Comment 6 Scott Seago 2012-03-12 13:48:57 EDT
internal patch posted to 1.0-product: 80092dfaf0290d83854720c27f0e68f3cb082d77
Comment 8 pushpesh sharma 2012-04-05 01:50:38 EDT
As per the description:-

Deleting the following roles:
  Global Provider Creator 
  Global Pool Creator ===> global zone Creator  

above roles are not an option in the drop-down box for global roles grants.so this requirement is complete.   


Combine the following roles into Global Pool User:
  Global Deployable User==>Global application User
  Global Catalog User
  Global Pool User ==>Global Zone User

Global Zone User is the only available option in the drop-down box for global roles grants.This role is able to preform catalog and application user tasks like:-
1. Can view,use,launch,stop,restart any Deployable 
        
2. Can view any catalog

3. Can view any zone,create new instances in any zone,create new application in any zone,view Quota usage for any zone.

Marking the bug as verified based on above observation.
Comment 9 pushpesh sharma 2012-04-05 01:59:23 EDT
More observation on default permissions:-

1.any new user is assigned the "Global Profile User " by default,as per the description of the problem.

2.Default Cloud assigns "Cloud User" role to every new user.

3.Default Cloud Zone assigns "Zone User" role to every new user.  

2-3 is as per the requirement specified in comment#1

So all requirements are fulfilled and hence bug is verified.
Comment 11 errata-xmlrpc 2012-05-15 18:48:29 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-0583.html

Note You need to log in before you can comment on or make changes to this bug.