First Last Prev Next    This bug is not in your last search results.
Bug 801908 - RBAC permissions should be better documented and have fewer surprises
RBAC permissions should be better documented and have fewer surprises
Status: CLOSED WONTFIX
Product: Red Hat Satellite 6
Classification: Red Hat
Component: WebUI (Show other bugs)
6.0.0
Unspecified Unspecified
unspecified Severity medium (vote)
: Unspecified
: --
Assigned To: Mike McCune
Katello QA List
: Triaged
Depends On:
Blocks: 796964
  Show dependency treegraph
 
Reported: 2012-03-09 14:45 EST by Jeff Weiss
Modified: 2014-11-09 17:52 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-18 13:39:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jeff Weiss 2012-03-09 14:45:34 EST 
Description of problem:
It's not at all clear to a user exactly what tabs/panels he will get access to when given a particular permission.  See https://bugzilla.redhat.com/show_bug.cgi?id=796964

In the above bug, there are several issues - 1) that some tabs are enabled, such as GPG keys, for seemingly unrelated permissions (Sync Products).
2) Some permissions are enabled completely outside the user-accessible RBAC settings.  Such as, when a user is given a default environment, he automatically gets permissions to register and view systems - even though in the roles UI, he has no permissions.

I think 2) should be eliminated entirely.  If a customer deliberately gives a user no permission, that's exactly what he should have.  Even if he has a default environment, he should not be able to register or view systems.

As for 1) I think there should be tooltips or hovertext or something in the RBAC ui panels explaining exactly what each permission grants.  Otherwise it's very difficult to use fine-grained permissions, since you can't know exactly what will be granted until you try it.

Version-Release number of selected component (if applicable):
Katello Version: 0.2.8-1.git.24.b178f46.el6

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Dmitri Dolguikh 2012-09-25 08:29:24 EDT 
I think this warrants a bit of a discussion. 

#1 is a documentation issue, mostly. At least as things stand now, candlepin permits registration and viewing of systems to all consumers. Katello's default permissions reflect that.


#2 is an impedance mismatch between data model and views. You are right that UI should somehow show the relation between roles/permissions and views. I'm not sure hover-over is appropriate for that however, as there could be quite a bit of information there.

We probably need an additional panel that shows a list of accessible pages/tabs/fields that UI updates as changes are made to roles/permissions.
Comment 3 Mike McCune 2014-03-18 13:39:10 EDT 
This bug was closed because of a lack of activity.  If you feel this bug should be reconsidered for attention please feel free to re-open the bug with a comment stating why it should be reconsidered.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.