RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 839008 - Indirect roles not checked for in WebUI
Summary: Indirect roles not checked for in WebUI
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.4
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-07-10 15:51 UTC by Dmitri Pal
Modified: 2013-02-21 09:16 UTC (History)
4 users (show)

Fixed In Version: ipa-3.0.0-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Identity Management Web UI Administrator interface was not enabled for users who were indirect members of administrative roles, e.g. for a user which is a member of a group which is a member of administrative role. Consequence: Such users were not able to perform Identity Management administrative tasks via Web UI. Fix: Allow Web UI Administrator interface for indirect members of administrative roles. Result: Indirect members of administrative roles are now able to perform administrative tasks within Identity Management Web UI.
Clone Of:
Environment:
Last Closed: 2013-02-21 09:16:40 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0528 0 normal SHIPPED_LIVE Low: ipa security, bug fix and enhancement update 2013-02-21 08:22:21 UTC

Description Dmitri Pal 2012-07-10 15:51:47 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2899

When using the WebUI the admin navigation isn't enabled for users who are indirect members of roles.
Comment 1 Petr Vobornik 2012-07-11 07:23:41 UTC 
Fixed upstream: e494650b2cdb6ac7e1eda3da7cf03d4c36f2739a
Comment 2 Jenny Severance 2012-09-25 16:10:22 UTC 
regression test is automated
Comment 5 Xiyang Dong 2013-01-21 13:41:30 UTC 
verified in ipa-server-3.0.0-22.el6.x86_64

https://wiki.idm.lab.bos.redhat.com/qa/archive/ipa/webui/automation/firefox/test-output-ipa-server-3.0.0-QA/0114_64bit/full%20suite/IPARBACTestSuite/index.html

testIndirectRoles_Bug839008
Bug 839008 - Indirect Roles
Parameters: bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc
Hide output Show all outputs
Starting Test: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Starting Test: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Add Permission - read dns entries

Asserted: Actual value of 'bug839008_privilege desc' matches expected value.

Asserted: Verified Read DNS Entries is listed for bug839008_privilege

Add Role - bug839008_role

Asserted: Verified privilege bug839008_privilege is listed for bug839008_role

Add User bug839008_user

Asserted: User added successfully

Add User Group bug839008_group

Asserted: User Group added successfully

Asserted: user bug839008_user is a member of user group bug839008_group

Asserted: User group bug839008_group is a memberof roles: bug839008_role

Asserted: Indirect membership of role to the user verified

Asserted: reset password for first time login

Password for bug839008_user:

Asserted: Logged in successfully as bug839008_user

Asserted: DNS zones listed - verified

Test Passed: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Test Passed: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])
Comment 7 errata-xmlrpc 2013-02-21 09:16:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html
Note You need to log in before you can comment on or make changes to this bug.