Bug 1510079 - [RFE] Tasks are visible to everybody, regardless of organization access rights
Summary: [RFE] Tasks are visible to everybody, regardless of organization access rights
Keywords:
Status: NEW
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Tasks Plugin
Version: 6.2.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Jan Hutař
URL:
Whiteboard:
Duplicates: 1322566 (view as bug list)
Depends On:
Blocks:
Reported: 2017-11-06 16:32 UTC by Prajeesh
Modified: 2019-04-10 03:04 UTC (History)
CC List: 9 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:



Description Prajeesh 2017-11-06 16:32:11 UTC
Tasks are visible to everybody, regardless of organization access rights.

Users with the permissions view_foreman_tasks and edit_foreman_tasks, granted to inspect task results and error messages, are able to cancel ANY cancelable task. This is far from the advertised multi-tenancy.

Visibility should be limited to a user's own tasks, or at least to tasks from their own organization. To see all tasks, and kill tasks submitted by others, a special administrative filter should be available.

Comment 1 Marek Hulan 2017-11-07 06:50:24 UTC
This is not easy to do, since tasks are not scoped per organization. I believe filters can be fine-grained by task attributes including owner, but you'd need to create a separate filter for each user, since we can't define a condition such as "owner = $current_user".

Personally I consider the tasks page a maintenance tool and would not expect non-admin users to interact with it. If users need cancelling, it should be provided by the page that generates the task, e.g. rex jobs have their cancel button.

Moving to tasks component to consider.

Comment 3 Bengt Giger 2017-11-13 15:21:44 UTC
This depends on the definition of "non-admin", or "admin". Multi-tenant environments do not simply have administrators; they have administrators responsible for the system, and administrators local to the tenant (organization). Delegation of responsibilities to the organizational level is vital, as is separation.

There are worse separation issues than this, with severe security consequences. But regarding the advertised features, everything breaking the borders of tenants is more than just a feature nice to have.

Comment 4 Marek Hulan 2017-11-15 12:08:28 UTC
I understand your point and you're right. By admin I meant the system administrator of Satellite. In the ideal case, an organization admin should have no need to visit the tasks page. Or we should start scoping tasks by the context (organization/location) in which they have been created. Similarly to audits, where we have the same problem, I believe.
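The scoping model the description asks for and comment 4 sketches (own tasks for ordinary users, the organization's tasks for an organization admin, everything for the system administrator), written out as a small authorization policy. This is an added illustration, not Foreman or Satellite code; the role names, the Task/User structs and the sample tasks are assumptions constructed for the example. The point it shows is that the "owner = $current_user" condition a static filter cannot express is straightforward when evaluated at request time against the authenticated user, and that cancellation reuses the same visibility check so edit_foreman_tasks alone no longer reaches every tenant's tasks.

```ruby
# Added example, not Foreman/Satellite code: a minimal authorization
# policy that scopes task visibility and cancellation by owner and
# organization. Role names, struct fields and sample data are assumptions.

Task = Struct.new(:id, :owner, :organization, :cancelable, keyword_init: true)
User = Struct.new(:login, :organizations, :roles, keyword_init: true)

# Scope each (hypothetical) role grants; a user gets the broadest of their roles.
ROLE_SCOPE = { system_admin: :all, org_admin: :organization, user: :own }.freeze
SCOPE_RANK = { own: 0, organization: 1, all: 2 }.freeze

def visibility_scope(user)
  user.roles.map { |r| ROLE_SCOPE.fetch(r) }
      .max_by { |s| SCOPE_RANK.fetch(s) } || :own   # no roles => own tasks only
end

# The "owner = $current_user" condition that a per-user static filter cannot
# express is evaluated here at request time against the authenticated user.
def task_visible?(user, task)
  case visibility_scope(user)
  when :all          then true
  when :organization then user.organizations.include?(task.organization)
  else                    task.owner == user.login
  end
end

def visible_tasks(user, tasks)
  tasks.select { |t| task_visible?(user, t) }
end

# Cancelling requires the task to be cancelable AND inside the caller's scope,
# so a tenant-local user cannot reach another tenant's tasks.
def can_cancel?(user, task)
  task.cancelable && task_visible?(user, task)
end

# Constructed sample data.
TASKS = [
  Task.new(id: 1, owner: 'alice', organization: 'acme',   cancelable: true),
  Task.new(id: 2, owner: 'bob',   organization: 'acme',   cancelable: true),
  Task.new(id: 3, owner: 'carol', organization: 'globex', cancelable: false)
].freeze

ALICE = User.new(login: 'alice', organizations: ['acme'], roles: [:user])
BOB   = User.new(login: 'bob',   organizations: ['acme'], roles: [:org_admin])
ROOT  = User.new(login: 'root',  organizations: [],       roles: [:system_admin])

if __FILE__ == $PROGRAM_NAME
  [ALICE, BOB, ROOT].each do |u|
    ids = visible_tasks(u, TASKS).map(&:id)
    puts "#{u.login} (#{visibility_scope(u)}): sees tasks #{ids.inspect}"
  end
end
```

Running it lists tasks [1] for alice, [1, 2] for bob and all three for root; alice cannot cancel bob's task even though it is cancelable, and nobody can cancel task 3 because the task itself is not cancelable.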

Comment 5 Marek Hulan 2017-11-15 15:10:53 UTC
*** Bug 1322566 has been marked as a duplicate of this bug. ***

