Bug 950503
| Summary: | [RFE][webadmin] Don't show inherited creator roles on objects. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Ondra Machacek <omachace> |
| Component: | ovirt-engine | Assignee: | Piotr Kliczewski <pkliczew> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 3.2.0 | CC: | acathrow, bazulay, dron, ecohen, emesika, iheim, jkt, lpeer, oourfali, Rhev-m-bugs, yeylon |
| Target Milestone: | --- | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | infra | ||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-05-27 06:25:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 878812, 951935 | ||
|
Description
Ondra Machacek
2013-04-10 11:15:15 UTC
Roles determine both what you can see, and what you can do. If you are an administrator, and in addition you have some DiskCreator role on System, then you can see all the objects as you are an administrator, and you can create disks on all SDs because you have DiskCreator role. So, the fact you have DiskCreator shown on the SDs has a meaning. The same applies to users, although you can't really see permissions on objects such as clusters, SD, and etc., only on leaves such as VMs, Templates and etc. Thus, if hiding such roles, I'd do that only in the user-portal / user-level API, and not in the webadmin / admin API. Also, there is no notation of "creator" roles. A role can have no action group that allows to view children, but it won't be a creator role. Another problematic fact is that we hide this property from the user, so hiding such roles will be weird, as users won't understand why we show one role, while not showing other roles. So, I suggest we do one of the following: 1. Close this bug 2. Hide roles without allow_viewing_children action groups 3. Consider handling that in a bigger scope, when solving Bug #878812 simon please advise (In reply to comment #2) > simon please advise Ack on comment #1, Oved please create a bug for Hide roles without allow_viewing_children action groups if that is not the current status. And then close this one. Adding the bug to my MLA usability tracker. (In reply to comment #3) > (In reply to comment #2) > > simon please advise > > Ack on comment #1, Oved please create a bug for Hide roles without > allow_viewing_children action groups if that is not the current status. And > then close this one. > > Adding the bug to my MLA usability tracker. Even if opening a new bug (which I'm notsure we need... we can just change this bug's title), I think we should go with option #3. We currently hide the allow_viewing_children information from the user, so fixing problem #2 not as part of a bigger solution, won't help much. OK then, let's fix as part of bug 878812 scope, making this on dependent. Showing inherited creator roles is relevant for some types of objects/roles. For example, DiskCreator role on System allows you to create disks in all DCs, storage domains under the DCs, etc., so showing DiskCreator also in lower levels of the hierarchy makes sense. Same for VmCreator. It is true that perhaps it is less relevant to show it on VMs or Disks, but we might decide that these roles also have an effect on these object types as well in the future. Closing this bug as WONTFIX, as it is somewhere between not a bug and not worth fixing. |