Project

General

Profile

Actions

Bug #6070

open

view_compute_resources + power_compute_resource_vms permission provides access to all vms

Added by Dylan Charleston almost 10 years ago. Updated almost 7 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Users, Roles and Permissions
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

The view_compute_resources is required for users to select the compute resource to deploy on when creating a new host. If the user has access to power_compute_resource_vms, they can go into the compute resources "Virtual Machines" tab and power VMs which they shouldn't have access to. I assume this is the same for deleting hosts as well but I haven't tested it. Perhaps there needs to be another permission called "deployon_compute_resource" which allows users to select the compute resources in the host creation page but not browse the compute resource page.

Currently on 1.5.0

Actions #1

Updated by Dominic Cleal almost 10 years ago

  • Category changed from Compute resources to Users, Roles and Permissions
Actions #2

Updated by Rich Boyce almost 7 years ago

We are also seeing this bug, in Foreman version 1.14.2. A user with this combination of rights can power off a VM that it does not have rights over in Foreman.

Actions

Also available in: Atom PDF