Project

General

Profile

Bug #21794

The remote execution views in katello should require view_hosts, not edit_hosts permision

Added by Ivan Necas about 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Roles and Permissions
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

In #19336, we added the remote-execution specific paths to the edit_hosts permission.
However, the rex plugin itself requires just view_hosts for this. as the execution permission
is given by another permission, that is granted by Remote Execution User role: the remote execution
user role doesn't grant edit_hosts. Therefore we should change the required role is Katello for this purposes as well

Associated revisions

Revision f7340d45 (diff)
Added by Ivan Necas about 4 years ago

Fixes #21794 - use view_hosts for rex actions

The Remote Execution User needs just view_hosts (side by side to
execute_job_invocation) permission and there is no reason at all
to use edit_hosts permission for this purposes in Katello.

This way, the `Remote Execution User` role will work correctly
for Katello use-cases as well, which was not the case, when using
`edit_hosts` permission.

History

#1 Updated by The Foreman Bot about 4 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/7087 added

#2 Updated by Ivan Necas about 4 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

#3 Updated by Justin Sherrill almost 4 years ago

  • Legacy Backlogs Release (now unused) set to 329
  • Category set to Roles and Permissions

#4 Updated by Ivan Necas almost 4 years ago

  • Bugzilla link set to 1443816

Also available in: Atom PDF