Project

General

Custom queries

Profile

Actions
Copy link

Feature #5217

closed

As a user, I should have CRUD permissions for all entities that are exposed to me.

Added by Eric Helms about 11 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Katello 2.0
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Related issues 26 (0 open26 closed)

Related to Katello - Feature #5260: As a user, I should be able to assign CRUD permissions for Sync PlansClosedWalden Raines04/21/2014Actions
Related to Katello - Feature #5416: As a user, I should be able to assign CRUD permissions for Activation keysClosedWalden Raines04/23/2014Actions
Related to Katello - Feature #5434: As a user, I should be able to assign CRUD permissions for Content ViewsClosedWalden Raines04/24/2014Actions
Related to Katello - Bug #5529: As a user, I should only see widgets on the content dashboard that I have access to.Closed05/01/2014Actions
Related to Katello - Feature #5532: As a user, I should only see entities I have access to within Content Search.Closed05/01/2014Actions
Related to Katello - Feature #5562: As a user, I should be able to assign permissions for Foreman tasksDuplicate05/02/2014Actions
Related to Katello - Feature #5591: Red Hat Repositories: authorizationClosedWalden Raines05/06/2014Actions
Related to Katello - Feature #5593: Fix menu so authorized items are displayed post single page app workClosedWalden Raines05/06/2014Actions
Related to Katello - Feature #5627: Api V2 Tasks controller: CRUD authorizationClosedEric Helms05/07/2014Actions
Related to Katello - Feature #5635: Bastion: add translated 403 message to displayed error messages on form submitClosedWalden Raines05/08/2014Actions
Related to Katello - Bug #5682: view lifecycle environments permisisons need to be handled betterClosedPartha Aji05/12/2014Actions
Related to Katello - Feature #4351: Global user permissions need to be delivered to angular pagesDuplicateWalden Raines02/14/2014Actions
Related to Katello - Feature #5503: Available UI interactions should reflect a user's permissionsClosedWalden Raines04/29/2014Actions
Related to Katello - Feature #6040: Add Katello view permissions to foreman "Viewer" roleClosedWalden Raines06/03/2014Actions
Related to Katello - Feature #6321: Bastion pages should enforce permissions when entering the pageClosedWalden Raines06/20/2014Actions
Blocked by Katello - Feature #5230: As a user, I should be able to assign CRUD permissions for GPG Keys.ClosedEric Helms04/17/2014Actions
Blocked by Katello - Feature #5261: As a user, I should be able to assign CRUD permissions for Products and Repositories.ClosedEric Helms04/21/2014Actions
Blocked by Katello - Feature #5521: As a user, I should be able to assign CRUD permissions to subscriptions.ClosedEric Helms05/01/2014Actions
Blocked by Katello - Feature #5531: As a user, I should be able to assign relevant permissions for Sync actions.Closed05/01/2014Actions
Blocked by Katello - Feature #5530: As a user, I should be able to assign CRUD permissions for Lifecycle Environments.ClosedPartha Aji05/01/2014Actions
Blocked by Katello - Feature #5533: As a user, I should be able to assign CRUD permissions for Content Hosts.ClosedEric Helms05/01/2014Actions
Blocked by Katello - Feature #5535: As a user, I should be able to assign CRUD permissions for System Groups.ClosedWalden Raines05/01/2014Actions
Blocked by Foreman - Feature #5537: Menu/authorization: need alternative to rails controller centric authorizationClosed04/30/2014Actions
Blocked by Foreman - Bug #5578: Cant set permissions on specific resource types Closed05/05/2014Actions
Blocked by Katello - Bug #5702: (Roles Branch) v2 Content Views Controller index call ignoring environment id ClosedPartha Aji05/13/2014Actions
Blocked by Katello - Bug #5843: Remove v1 API routesClosedWalden Raines05/20/2014Actions
Actions
Copy link
 #3

Updated by Eric Helms about 11 years ago

Copying in the bulk of the notes from our earlier roles etherpading:

Permission Requirements

Minimum Requirements

As a user, I should be able to define a permission for CRUD on all Katello entities that are exposed to the user. (http://projects.theforeman.org/issues/5217)
As a user, I should be able to lock permissions by Organizations.
As a user, I should be able to lock permissions by Lifecycle Environment.
As a user, I should not see menu items for entities that I do not have access to.
As a user, I should not be able to access APIs I don't have permissions to.
As a user, I should have consistent permissions across Fortello.
As a user, I'd like not to see or have access to the legacy roles/permissions from Katello.
As a readonly user, I should not be able to edit any entity through the API or UI.

Nice to have Requirements

Hosts/Systems

As a user I should be able to define a permission to manage systems in system group A
As a user I should be able to define a permission to manage the association between system group A and all systems I can manage through my other permissions.
As a user I should be able to define a permission to manage All Systems in Environment C
As a user I should be able to define a permission to manage All Systems in Environment C within Content View X
As a user I should be able to define a permission to manage All Systems in Organization O
As a user I should be able to define a permission to restricts which Environments and Content Views a user can assign (or register) a System to.

Content Views & Lifecycle Environments:

As a user I should be able to define a permission to publish a new version of Content View X
As a user I should be able to define a permission to promote Content View X to Environment Y

Open Questions

  • CRUD BY Org (sounded like Yes) * If we address permissions in the API, will the CLI just work?
  • Question for CLI guys to see how Foreman side currently works against their permissions * Can we do the implementation entity by entity or page by page?

Example - https://github.com/Katello/katello/pull/3789/files

Issues

http://projects.theforeman.org/issues/5217

Action Items

Create Role-rework branch (ehelms) https://github.com/Katello/katello/tree/roles
Create permissions.rb file and include it from the plugin.rb file (ehelms)
Remove Legacy Katello roles UI
Dig into mechanics of new permissions as they relate to controllers (partha)
For a given entity:
Define the CRUD permission set for entity
Define the set of scoped search fields used when filtering
Re-factor guts of the entity Authorization module, remove where it no longer makes sense
Remove rules from the controller (handled by permission definitions/routes combinations)
Fix tests
Test the UI
Test the API
Test that the Menu item hides properly

Pages

Content Dashboard
Lifecycle Environment management (partha)
Activation Keys
Manage Subscriptions
RedHat Repo enable/disable
Products & Repository (ehelms)
GPG Keys (ehelms) - https://github.com/Katello/katello/pull/3985
Sync Status
Sync Plan (walden)
Content Views
Content Search
System/Content Hosts
System Groups (Host Collections)
Content About
Content Notices

Actions
Copy link

Also available in: Atom PDF