Bug 973241 - User logging in with no rights can access foreman
User logging in with no rights can access foreman
Status: CLOSED WONTFIX
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Provisioning (Show other bugs)
Nightly
Unspecified Unspecified
unspecified Severity high (vote)
: Unspecified
: --
Assigned To: Marek Hulan
Katello QA List
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-11 10:22 EDT by Corey Welton
Modified: 2016-09-26 10:28 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-12 18:58:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Corey Welton 2013-06-11 10:22:25 EDT
Description of problem:

Entering this on behalf of dcaplan.
When creating a non-admin user (or a user with no rights for that matter), user can switch to provisioning menu and access things as admin user.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  In katello, create a new user "norights"
2.  Login as "norights"
3.  switch to Provisioning (foreman) UI

Actual results:
User is granted admin rights insofar as foreman is concerned and can access the UI

Expected results:
User should not have access to foreman.

Additional info:
Comment 2 Corey Welton 2013-06-11 10:24:26 EDT
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10005-1.noarch
* foreman-compute-1.1.10005-1.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-libvirt-1.1.10005-1.noarch
* foreman-postgresql-1.1.10005-1.noarch
* foreman-proxy-1.1.10003-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-8.f5ae2cd.el6sat.noarch
* katello-1.4.2-11.el6sat.noarch
* katello-all-1.4.2-11.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-7.el6sat.noarch
* katello-cli-common-1.4.2-7.el6sat.noarch
* katello-common-1.4.2-11.el6sat.noarch
* katello-configure-1.4.3-14.el6sat.noarch
* katello-configure-foreman-1.4.3-14.el6sat.noarch
* katello-foreman-all-1.4.2-11.el6sat.noarch
* katello-glue-candlepin-1.4.2-11.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-11.el6sat.noarch
* katello-glue-pulp-1.4.2-11.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* openldap-devel-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.1-1.el6sat.noarch
* pulp-selinux-2.1.1-1.el6sat.noarch
* pulp-server-2.1.1-1.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-2.el6sat.noarch
* signo-0.0.16-1.el6sat.noarch
* signo-katello-0.0.16-1.el6sat.noarch
Comment 3 RHEL Product and Program Management 2013-06-12 14:33:24 EDT
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 7 Marek Hulan 2013-10-15 05:13:24 EDT
I'm unable to reproduce with latest version. Could you please update the procedure or close?
Comment 9 Bryan Kearney 2014-03-12 18:58:11 EDT
Closing old bugs which are not relevant based on new UI and CLI

Note You need to log in before you can comment on or make changes to this bug.