Red Hat Bugzilla – Bug 803715
Changing Global Role Grants results in a "success" and "warning" message simultaneously
Last modified: 2014-01-05 13:35:07 EST
Description of problem:
Global Role Grants page presents the user with a number of drop-down boxes. This allows users to change multiple roles concurrently - some of which may not be compatible. Fro example:
Steps to Reproduce:
1. Logged in as admin
2. Clicked on Users -> Global Role Grants
3. Saw 5 drop-down boxes available
4. Changed the roles in three of the boxes (one box was changed from from Global Administrator to Global Application Blueprint Administrator)
5. Did *not* click on the "Grant Access" yet
6. Conductor returned the following two messages together:
Successfully modified the following User Roles: admin (from Global Administrator to Global Application Blueprint Administrator)
You have insufficient privileges to perform the selected action.
Since I changed two other roles I am not sure which one was the offending change. And, I had not even confirmed my choice before the Administrator panel went blank and conductor returned those two messages (see attached screenshot)
This may involve some user error/ user ignorance again but it was easy for me to get myself into a mess here and not have an easy way to underdo the roles I'd lost in changing the other drop-down box choices.
[root@ibm-x3200m3-01 ~]# rpm -qa |grep aeolus
Created attachment 570297 [details]
User Roles Warning
You changed your (admin's) current role to something lesser. After the change, you no longer have permission to view the roles page. So both messages are accurate -- you succeeded in re-setting permissions, but now you can't see the results of your actions. So the two error messages are correct (but confusing). Also note that, in addition to the error message, the page itself is blank.
We should probably (post-1.0 perhaps?) add some sort of warning when a user attempts to change a role to him/herself (at the same time we implement client-side js-based table/grid action enabling). This would make it more obvious what's going on.
Not in the scope of this bug, but I'd advocate changing the "no permissions error" page to actually print the permission denied in the content area of the page itself rather than as a standard error message at the top of a (now blank) page.
Do we intend to take action on this? If not, let's CLOSED_WONT_FIX