Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1.Create a new user with role "Global Cluster admin",(along with the default role 'global profile user' role) 2.login as Global cluster admin 3.go to content -->cloud resource cluster 4.Add cluster 5. Try adding mapping to cluster Actual results: Observed that cluster admin is unable to add/edit mapping to the cluster Expected results: As per the role doc "https://www.aeolusproject.org/redmine/projects/aeolus/wiki/Roles_list" " Global Realm Administrator should be allowed to modify front end realms" Additional info: rpm -qa | grep aeolus aeolus-conductor-0.8.13-1.el6_2.noarch aeolus-configure-2.5.3-1.el6.noarch rubygem-aeolus-image-0.3.0-12.el6.noarch rubygem-aeolus-cli-0.3.1-1.el6.noarch aeolus-all-0.8.13-1.el6_2.noarch aeolus-conductor-doc-0.8.13-1.el6_2.noarch aeolus-conductor-daemons-0.8.13-1.el6_2.noarch
I understand the "Provider" account accessibility is required to do add/edit the mapping to cluster. But it will be good to tell the user with what pre-requisite they need to have to use each role. please let me know your thoughts on this?
You need to be able to access the Provider (not the provider account) to map to a given provider. Basically in order to map a realm/cluster to a provider (or provider realm) you need "cluster edit/admin" and access to the provider in question (since it's possible that some providers might have more restricted access). Global Provider User would give the user access to map all providers (so the user would need 'Global Cluster Administrator' and 'Global Provider User'), or you could grant the user individual access to the relevant providers. I think this may be a duplicate bz, but I don't remember the original one was exactly.