Feature #7289
ACL who can add a host to hostgroup.
Status: New
Priority: Normal
Assignee: -
Category: Users, Roles and Permissions
Target version: -
Description
With foreman 1.4 if a user had edit rights to a host due to a filter applied to a subset of hostgroups
they could
- Move a host to any hostgroup via API
- however when editing via web interface they were at least only
presented with hostgroups to which they were enabled in filter.
With foreman 1.5 the first point is still true that via API a host can be put in any hostgroup
but also the drop down box contains all hostgroups so it's a bit more obvious.
Having set up a role like the following with 1.5.
Resource | Permissions | Search |
hostgroup | view_hostgroups, create_hostgroups, edit_hostgroups, destroy_hostgroups | title = cvmfs or title ~ cvmfs/% |
Host/managed | view_hosts, create_hosts, destroy_hosts, console_hosts, build_hosts, edit_hosts, ipmi_boot, power_hosts, puppetrun_hosts | hostgroup_title = cvmfs or hostgroup_title ~ cvmfs/% |
You also get the slightly bizarre consequence that a user can edit a host in such a way that they then no longer
have access to it.
The RFE is to request to somehow control which hostgroups a user is permitted to put hosts in. Returning to old
1.4 behaviour where the drop down box was limited to hostgroups that can be viewed would also be good.
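The gap described in this ticket, shown as an added example that is not part of the original ticket and is not Foreman code: the edit is authorized against the host's current hostgroup only, while the requested behaviour also checks the destination hostgroup. The `Host` struct, `HostgroupFilter` class and method names are hypothetical, and the search `title = cvmfs or title ~ cvmfs/%` is modelled as "equals `cvmfs` or starts with `cvmfs/`".

```ruby
# Added illustration, not Foreman code: a simplified model of the role above.
# Assumption: the filter "title = cvmfs or title ~ cvmfs/%" is modelled as
# "equals cvmfs, or starts with cvmfs/".
Host = Struct.new(:name, :hostgroup_title)

class HostgroupFilter
  def initialize(root)
    @root = root
  end

  # True when a hostgroup title falls inside the user's filter.
  def permits?(title)
    title == @root || title.to_s.start_with?("#{@root}/")
  end
end

# Behaviour described in the ticket: only the host's current hostgroup is
# checked, so the destination can be any hostgroup.
def move_host_unchecked(filter, host, target_title)
  return :denied unless filter.permits?(host.hostgroup_title)
  host.hostgroup_title = target_title
  :moved
end

# Requested behaviour: the destination hostgroup must also match the filter,
# so a user cannot edit a host out of their own scope.
def move_host_checked(filter, host, target_title)
  return :denied unless filter.permits?(host.hostgroup_title)
  return :denied unless filter.permits?(target_title)
  host.hostgroup_title = target_title
  :moved
end

# Hostgroups offered in the drop-down, limited to what the filter allows
# (the 1.4 web interface behaviour the ticket asks to restore).
def selectable_hostgroups(filter, all_titles)
  all_titles.select { |t| filter.permits?(t) }
end

# Constructed sample data.
FILTER = HostgroupFilter.new("cvmfs")
ALL_HOSTGROUPS = ["cvmfs", "cvmfs/stratum1", "batch", "cvmfsx"].freeze
```

The check on the destination has to live in the server-side update path; limiting the drop-down alone leaves the API case from the first bullet open.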
Updated by Dominic Cleal almost 11 years ago
- Related to Feature #4477: Improve permissions on resources in host creation/editing form added
Updated by Dominic Cleal almost 11 years ago
- Tracker changed from Bug to Feature
- Subject changed from RFE - ACL who can add a host to hostgroup. to ACL who can add a host to hostgroup.
Updated by Dominic Cleal over 9 years ago
- Has duplicate Bug #12349: Filtering host groups does not work in the host creation screen added
Updated by Dominic Cleal about 9 years ago
- Has duplicate Bug #14248: Unable to control where users can build hosts added
Updated by Tomer Brisker about 9 years ago
- Has duplicate deleted (Bug #14248: Unable to control where users can build hosts)
Updated by Tomer Brisker about 9 years ago
- Related to Bug #14248: Unable to control where users can build hosts added
Updated by Marek Hulán over 8 years ago
- Related to Bug #6760: Models should ensure the authorization of associated objects before associating them to the model added