Bug 986448 - Permissions for group "Everyone" do not apply to VM Pool
Permissions for group "Everyone" do not apply to VM Pool
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
Unspecified Unspecified
unspecified Severity high
: ---
: 3.2.3
Assigned To: Yair Zaslavsky
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2013-07-19 16:09 EDT by wdaniel
Modified: 2016-02-10 14:09 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-07-22 08:18:24 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description wdaniel 2013-07-19 16:09:37 EDT
Description of problem:

The group "Everyone" has been given the "UserRole" permissions so that they may log in and view the VM Pool. Users are not even able to log into the portal and are going the "User is not authorized" message preventing them from getting to the pool. Specifying individual AD users grants them access without issue.

Actual results:
User prevented from logging in

Expected results:
User can log in and launch VM from pool

Additional info:
This occurred to a 3.2 setup after upgrading from 3.1. Updating to 3.2.1 did not change anything.
Comment 4 Itamar Heim 2013-07-22 10:52:07 EDT
note customer can give this to domain\everyone group which should work
Comment 7 wdaniel 2013-07-24 15:52:40 EDT

The customer has responded with the following:

"Regarding the update from Itamar in the BZ, this is not accurate.  There is no "Everyone" group in AD.  Adding "Domain Users" also does not work, if that was his intention.  It seems that AD groups are not being properly enumerated."

Could this be linked to bug 980521?
Comment 8 Itamar Heim 2013-07-24 16:17:19 EDT
I'm pretty sure there is an everyone group in windows, but it has been a while and i may be confusing local server groups with AD ones.
domain users would have the same effect - yes.
and yes, seems like you should request 3.2.z for bug 980521.

Note You need to log in before you can comment on or make changes to this bug.