Bug 847333 - Permission given to a group doesn't apply to its member
Permission given to a group doesn't apply to its member
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
Unspecified Unspecified
high Severity high
: ---
: ---
Assigned To: Yaniv Bronhaim
Ondra Machacek
: Regression
Depends On:
  Show dependency treegraph
Reported: 2012-08-10 11:09 EDT by David Jaša
Modified: 2016-02-10 14:13 EST (History)
10 users (show)

See Also:
Fixed In Version: si16
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-12-04 14:59:10 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David Jaša 2012-08-10 11:09:42 EDT
Description of problem:
Permission given to a group doesn't apply to its member. Tested with AD as an identity provider.

Version-Release number of selected component (if applicable):
rhevm-3.1.0-11.el6ev.noarch / si13.2

How reproducible:

Steps to Reproduce:
1. add an AD domain with a User that is member of some Group to RHEV-M
2. in Configure -> System Permissions, assing PowerUserRole to the Group
3. log in as the User to UserPortal
Actual results:
User can access basic UserPortal only

Expected results:
User can acces PowerUserPortal

Additional info:
* when you add the User directly in Configure -> System Permissions, he can log in to PUP.
* looks related to bug 839319, bug 810400 and bug 846300.
Comment 1 Yaniv Bronhaim 2012-08-16 09:14:54 EDT
suggest patch: http://gerrit.ovirt.org/#/c/7262/
Comment 2 David Jaša 2012-08-17 09:06:25 EDT
Still present in si14 - if I apply VmCreator to a user, she can see Extended UP, however if I add it to a group, members of the group can not.
Comment 3 Yaniv Bronhaim 2012-08-19 11:32:10 EDT
in reply to comment #2
You'r correct, this patch will enter si15.
I just verified this scenario on my development setup.

Note You need to log in before you can comment on or make changes to this bug.