Project

General

Profile

Actions
Copy link

Bug #27988

closed

Non-Admin user can see All Remote Execution Jobs initiated by other users

Added by Adam Ruzicka over 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Leos Stejskal
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
1694868
Pull request:
https://github.com/theforeman/foreman_remote_execution/pull/520
Fixed in Releases:
foreman_remote_execution 4.0.0
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1694868

Non-Admin user can see All Remote Execution Jobs initiated by other users

Description of problem:

- Assign Remote Execution permissions to Non-Admin User.
- These permissions are restricted to some hosts
- Problem is, this user can see all Remote Execution Jobs under "Satellite Web UI --> Monitor --> Jobs"
- And if User clicked on the job then there are not much details can see in Overview tab but from Preview templates tab, host and action info still visible.

Version-Release number of selected component (if applicable): 6.4.x

How reproducible:

Steps to Reproduce:
1. Create Non-Admin user on Satellite server
2. Assign below permissions to user and restrict user to view HostCollection (HostCollection1) :

----|--------------------|-----------------------------------|-----------|-----------|----------------|---------------------------------------------------------------------------------
ID | RESOURCE TYPE | SEARCH | UNLIMITED?| OVERRIDE? | ROLE | PERMISSIONS
----|--------------------|-----------------------------------|-----------|-----------|----------------|---------------------------------------------------------------------------------
301 | (Miscellaneous) | none | yes | no | 01 Custom Role | access_dashboard
302 | Host | host_collection = HostCollection1 | no | no | 01 Custom Role | view_hosts, edit_hosts, build_hosts, console_hosts
306 | Organization | none | no | no | 01 Custom Role | view_organizations
308 | JobInvocation | none | yes | no | 01 Custom Role | create_job_invocations, view_job_invocations, cancel_job_invocations
312 | TemplateInvocation | none | yes | no | 01 Custom Role | view_template_invocations, create_template_invocations, filter_autocompletion...
314 | JobTemplate | none | no | no | 01 Custom Role | view_job_templates, create_job_templates, edit_job_templates
------|------------------|-----------------------------------|-----------|-----------|----------------|---------------------------------------------------------------------------------

3. Login with User and go to "Satellite Web UI --> Monitor --> Jobs" 
  4. USer can see all Remote Execution Jobs

Actual results:
- USer can see all Remote Execution Jobs

Expected results:
- User can not see Remote Execution Jobs on which user does not have permission
- Need restrict user to see Jobs initiate by the user only

Additional info:

Actions
Copy link

Also available in: Atom PDF