menu item "Hosts --> All hosts" is visible to normal user from anonymous role by default
|Assigned To:||Daniel Lobato Garcia|
|Target version:||Sprint 26|
|Found in release:|||
|Pull request:||https://github.com/theforeman/foreman/pull/1549|
|Velocity based estimate||-|
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1112750
Description of problem:
I created a simple user in "Any context" mode and did not assign any location, org or roles. But the following menus are visible to that user.
Ideally the user shouldn't be allowed to have access to any of the menu items without any permission. The Hosts menu shows "All Hosts" and the user can see the created hosts.
Version-Release number of selected component (if applicable):
sat6 beta snap10 compose2
Steps to Reproduce:
1. Log in with the admin user
2. Create a user in "Any context" and do not assign a location or org
3. Log out with the admin user and log in with the newly created user
User can see Hosts --> All hosts
User shouldn't be allowed to have access to any of the menu items without any permission
#1 Updated by Dominic Cleal almost 4 years ago
- Category set to Authentication
Not really "any permission", but all users automatically get the "Anonymous" role added. By default the anonymous role (a terrible name in itself, see #994) grants an unlimited view_hosts permission. This confuses a lot of people and should be removed by default IMHO.
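
The behaviour discussed in this ticket, as an added example that is not part of the ticket and is not Foreman's code or schema: a simplified model in which every account inherits an implicit role, with helpers that trace which role grants a permission and list what the implicit role hands to everyone without a scope. All class, function and variable names are hypothetical, and the sample roles and user are constructed.

```python
# Added illustration: simplified model, NOT Foreman's implementation.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Filter:
    permission: str                 # e.g. "view_hosts"
    search: Optional[str] = None    # None = unlimited, applies to every object


@dataclass
class Role:
    name: str
    filters: List[Filter] = field(default_factory=list)


@dataclass
class User:
    login: str
    roles: List[Role] = field(default_factory=list)  # explicitly assigned only


def grant_sources(user: User, permission: str, implicit_role: Role) -> List[str]:
    """Names of the roles through which `user` holds `permission`.

    The implicit role is always evaluated, even for a user with no
    assigned roles; that is the behaviour the ticket describes.
    """
    return [
        role.name
        for role in [*user.roles, implicit_role]
        if any(f.permission == permission for f in role.filters)
    ]


def implicit_unlimited_grants(implicit_role: Role) -> List[str]:
    """Permissions every account receives with no scope restriction."""
    return sorted(f.permission for f in implicit_role.filters if f.search is None)


# Constructed sample data (assumptions for this example).
DEFAULT_ANONYMOUS = Role("Anonymous", [Filter("view_hosts")])  # default per the ticket
HARDENED_ANONYMOUS = Role("Anonymous", [])                     # view_hosts removed
NEW_USER = User("newuser")                                     # no roles assigned

if __name__ == "__main__":
    print(grant_sources(NEW_USER, "view_hosts", DEFAULT_ANONYMOUS))
    print(grant_sources(NEW_USER, "view_hosts", HARDENED_ANONYMOUS))
    print(implicit_unlimited_grants(DEFAULT_ANONYMOUS))
```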