Description of problem: rest api returns 400 code on insufficient permissions (403 should be returned) I've encountered it at accessing of /api/vms as a non-admin user without "filter: true" set but it may be present elsewhere as well. Version-Release number of selected component (if applicable): si19.1 / 3.1-18 How reproducible: always Steps to Reproduce: 1. as a user with no admin role, access /api/vms without "filter: true" header set: $ curl -D - ... \ -X GET https://rhevm.example.com/api/vms 2. 3. Actual results: HTTP/1.1 400 Bad Request Date: Wed, 17 Oct 2012 16:45:09 GMT Content-Type: application/xml Content-Length: 188 Connection: close <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <fault> <reason>Operation Failed</reason> <detail>query execution failed due to insufficient permissions.</detail> </fault> Expected results: you'll get HTTP/1.1 403 Forbidden Additional info:
this issue was raised some time ago, and will be possible only after [1] is implemented. [1] https://bugzilla.redhat.com/show_bug.cgi?id=755575
*** This bug has been marked as a duplicate of bug 755579 ***