Bug 986448 - Permissions for group "Everyone" do not apply to VM Pool
Summary: Permissions for group "Everyone" do not apply to VM Pool
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 3.2.3
Assignee: Yair Zaslavsky
QA Contact:
URL:
Whiteboard: infra
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-07-19 20:09 UTC by wdaniel
Modified: 2018-12-03 19:24 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-07-22 12:18:24 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description wdaniel 2013-07-19 20:09:37 UTC
Description of problem:

The group "Everyone" has been given the "UserRole" permissions so that they may log in and view the VM Pool. Users are not even able to log into the portal and are going the "User is not authorized" message preventing them from getting to the pool. Specifying individual AD users grants them access without issue.

Actual results:
User prevented from logging in


Expected results:
User can log in and launch VM from pool

Additional info:
This occurred to a 3.2 setup after upgrading from 3.1. Updating to 3.2.1 did not change anything.

Comment 4 Itamar Heim 2013-07-22 14:52:07 UTC
note customer can give this to domain\everyone group which should work

Comment 7 wdaniel 2013-07-24 19:52:40 UTC
Itamar,

The customer has responded with the following:

"Regarding the update from Itamar in the BZ, this is not accurate.  There is no "Everyone" group in AD.  Adding "Domain Users" also does not work, if that was his intention.  It seems that AD groups are not being properly enumerated."

Could this be linked to bug 980521?

Comment 8 Itamar Heim 2013-07-24 20:17:19 UTC
I'm pretty sure there is an everyone group in windows, but it has been a while and i may be confusing local server groups with AD ones.
domain users would have the same effect - yes.
and yes, seems like you should request 3.2.z for bug 980521.


Note You need to log in before you can comment on or make changes to this bug.