Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 910846

Summary: UserVmManager role on system allows usage of all templates
Product: Red Hat Enterprise Virtualization Manager Reporter: Jiri Belka <jbelka>
Component: ovirt-engineAssignee: Piotr Kliczewski <pkliczew>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.2.0CC: acathrow, bazulay, iheim, jkt, lpeer, michal.skrivanek, Rhev-m-bugs, yeylon
Target Milestone: ---   
Target Release: 3.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-18 12:32:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 878812    
Bug Blocks:    

Description Jiri Belka 2013-02-13 16:58:45 UTC 
Description of problem:

I assigned to my user (portaluser4) UserVmManager role on whole system, then I discovered this user can see all templates, even those templates are not public (not having 'Everyone' user). This makes this user to see all "private" templates on whole system.

A private template includes:

portaluser 4 (portaluser4.eng.brq.redhat.com)
UserVmManager
(System)

A public template includes:

portaluser 4 (portaluser4.eng.brq.redhat.com)
UserVmManager
(System)
	
Everyone
UserTemplateBasedVm

This seems to me like object mismatch, my should be VM related role (UserVmManager) assigned to templates?

No template action is checked in - Configure -> Roles -> UserVmManager - Edit...

As I said in the past, we need clear table with userroles and objects they should related, this would help a lot.

Version-Release number of selected component (if applicable):
sf6

How reproducible:
100%

Steps to Reproduce:
1. assing UserVmManager on system
2. login to User Portal and check templates
3. in Admin portal create "private" template
4. check if you can see and use this template in User Portal
  
Actual results:
UserVmManager privilege makes possible to see/use templates which are not public, it means not having 'Everyone' and not having explicit permission for this user.

Expected results:
UserVmManager privilege should not be able to see/use "private" templates.

Additional info:
Comment 7 Barak 2014-03-18 12:32:17 UTC 

*** This bug has been marked as a duplicate of bug 878812 ***