Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1516140 - [RFE] Satellite user should be allowed to only delete global bookmarks created himself.
Summary: [RFE] Satellite user should be allowed to only delete global bookmarks create...
Keywords:
Status: NEW
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: WebUI
Version: 6.2.0
Hardware: x86_64
OS: Linux
unspecified
medium vote
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: vijsingh
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-22 07:22 UTC by Sagar Lutade
Modified: 2019-03-29 06:32 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 22194 None None None 2018-01-09 14:16:18 UTC

Description Sagar Lutade 2017-11-22 07:22:36 UTC
Description of problem:

Users can manage their personal bookmarks.
But these permissions unconditionally allow them to:

~~~~
1. add global bookmarks visible independent of their limitations of access to organizations
~~~~

=> At this moment, when you add a bookmark, it can be either "Public" (Visible to all other as you mentioned") or "Private" (Visible to only that user). I have not found any option to categorized bookmark based on "Organization". 

From GUI if you go to the first tab > Manage Organization > These are the parameters can be select / deselect based on the organization, there is no "Bookmark" option here as well. 

~~~~
2. delete global bookmarks independent of their limitations of access to organizations and of who has created the bookmark
~~~~

Comment 2 Marek Hulan 2017-11-29 15:06:53 UTC
The bookmarks operations are allowed based on what permissions user has been granted. Bookmarks are not scoped per organization, so there's no way to tell what bookmarks user should be able to destroy. Global bookmarks are entirely global so Satellite admins can create them for all users. By default, users have only permission to view bookmarks. I think it's a valid RFE to have "organization bookmarks" though.

As a workaround for now if you don't have too many orgs, you can also limit bookmarks permissions using "Search" on the filter so you could create rule like user can only edit/destroy bookmarks with "name ~ myorg-*`.

Comment 3 Bengt Giger 2017-12-08 11:30:44 UTC
We have 19 tenants (organizations) and 120 users. The frequently proposed workaround using filtered rules, for all the many components which are not multi tenant aware, may work with small installations but is not manageable on a larger scale.

Since personal bookmarks often are most useful if they restrict to objects owned by a user, the ability for users to manage their personal bookmarks is important. Besides organizational bookmarks, the differentiation between acting on my own vs. tenant vs. global bookmarks is highly desired.

Comment 4 Ondřej Pražák 2018-01-09 14:16:15 UTC
Created redmine issue http://projects.theforeman.org/issues/22194 from this bug


Note You need to log in before you can comment on or make changes to this bug.