Bug #2894
closed
Nested groups do not inherit permissions
Description
If you add a user group to another user group it does not inherit the permissions of the parent group.
Example:
A users are in different usergroups, based on their role. (eg, Devs, QA, Ops, Support)
Servers are owned by groups based on thier role. (eg. Production, Staging, Development)
If I add the Dev usergroup to the Staging and Developement group, they cannot see the servers owned by the Staging and Development groups.
Updated by Dominic Cleal over 10 years ago
- Category changed from Web Interface to Users, Roles and Permissions
Updated by Greg Sutcliffe over 10 years ago
- Subject changed from Nested groups do not no inherit permissions to Nested groups do not inherit permissions
I can reproduce this on latest develop, using two User Groups, a Host owned by the parent User Group, and a User in the child User Group with "Owned Hosts" filtering on.
Updated by Dominic Cleal about 10 years ago
- Status changed from New to Feedback
This has hopefully been fixed in Foreman 1.5, as the authz system has been revamped and user groups with nesting have got added testing.
Host ownership no longer implies automatic permissions, but if you're upgrading from Foreman 1.4 then new roles and filters (based on ownership) will be created from your existing data. If you're setting up a new Foreman 1.5 instance, you can add a filter on hosts using owner_id = 1 and owner_type = Usergroup.
We're starting a test period for Foreman 1.5's new auth system, more information available at [[Auth_testing_for_Foreman_15] if you have the opportunity.
Updated by Anonymous almost 7 years ago
- Status changed from Feedback to Resolved
should be fixed with 1.5+