Description of problem: /api (api entry point) should be accessible for all users if they successfully authenticate. This bug makes rhevm-cli unusable for non-admin users. Version-Release number of selected component (if applicable): 3.1.0-18 / si19.1 How reproducible: always Steps to Reproduce: 1. curl -u regular_user ... https://rhevm.example.com/api 2. 3. Actual results: 400 bad request <fault> <reason>Operation Failed</reason> <detail>query execution failed due to insufficient permissions.</detail> </fault> Expected results: 200 OK ... Additional info:
non-admin users should raise -filter flag, did you used it?
David, from your curl example i see that you did not passed /filter header what is required for non-admin users for being served, also afaik this use-case has been tested by ondra, so i'm closing this bug, - reopen it if you have other findings.
in si24, the /api is accessible for plain users when "filter: true" is set. I didn't test the cli (and I don't have access to the setup atm), the second use case for this behaviour I envisioned was to have a single point that app accessing filtered results can GET to get authentication cookie without unnecessary load on the server.