Description of problem:
If I give a user all User related roles in Global Permissions (Read Users, Administer Users, Modify Users, and Delete Users), people assigned this role can start to create a new user, but when they choose an Org the list of environments never populates. Adding the Read Organizations and Read Environment Contents Global Roles does not help. In addition, adding full permission to the Org for which they were intended to administer users does not help either.
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
1. Create a new role with all global permissions related to users
2. Assign the role to a user
3. Login as the user with the new role and attempt to create a new role
Actual results:
Environments never populate
Expected results:
Environments should populate
Additional info:
It seems to only work if I assign full administrative privileges.
Sorry, "3. Login as the user with the new role and attempt to create a new role" should read: "3. Login as the user with the new role and attempt to create a new user"
If the creating user doesn't have organization-viewing permissions, then I think he/she shouldn't be able to see the list of organizations. So effectively (with only User permissions) the creating user should only be able to create Users, but not assign Organizations and Environments.
There are two problems with that. The first is that it happens even when you give the person full access to an Org and all user rights: they still can't get the list of environments. For instance, I created an account for myself, 'jmontleo', which has the 'SOC Administrator' Role which grants full access to the SOC Organization. In addition I have granted my account the 'User Management Role', which includes Global Permissions for Users, with the verbs Read Users, Administer Users, Delete Users, Modify Users on +All. The second is that if you try to save a user without assigning an environment you get the following error and the user does not get saved (even though there are four environments (Dev, QA, Stage, and Prod) in the Org):
No environments are currently available in this organization. Please either add some to the organization or select an organization that has an environment to set user default. (RuntimeError) Click here for more details.
You wouldn't get that error about an org not having environments if you weren't able to select the org in the first place. The suggestion is that if you don't have environment access, put a nice message on that page indicating that without the proper permissions, a default system environment is not settable.
But why wouldn't I be able to select the Org or see the environments if my account has full access to the Org?
@Jason, the permission check was messed up to start with. That's why it wasn't working even if you had correct org and env viewing permissions.
https://github.com/Katello/katello/commit/dc3b0aca6cfa4176ec8a404e9b9534b2093a0af6
Moving all POST bugs to ON_QA since we have delivered a puddle with the bugs.
VERIFIED.
Steps:
1. Create a new role with all global permissions related to users
2. Assign the role to a user
3. Login as the user with the new role and attempt to create a new user
Packages tested:
* candlepin-0.8.19-1.el6sam.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.19-1.el6sam.noarch
* candlepin-tomcat6-0.8.19-1.el6sam.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.3-5.el6sat.noarch
* katello-cli-common-1.4.3-5.el6sat.noarch
* katello-common-1.4.3-6.el6sam_splice.noarch
* katello-configure-1.4.4-2.el6sat.noarch
* katello-glue-candlepin-1.4.3-6.el6sam_splice.noarch
* katello-glue-elasticsearch-1.4.3-6.el6sam_splice.noarch
* katello-headpin-1.4.3-6.el6sam_splice.noarch
* katello-headpin-all-1.4.3-6.el6sam_splice.noarch
* katello-selinux-1.4.4-2.el6sat.noarch
* thumbslug-0.0.32-1.el6sam.noarch
* thumbslug-selinux-0.0.32-1.el6sam.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1390.html