Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 163544 - Java Security for SDC
Summary: Java Security for SDC
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Network
Classification: Red Hat
Component: RHN/R&D
Version: RHN Devel
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ken Ganong
QA Contact: Mike McCune
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-18 19:01 UTC by Ken Ganong
Modified: 2007-04-18 17:29 UTC (History)
1 user (show)

Fixed In Version: RHN 4.0.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-09-01 03:07:23 UTC


Attachments (Terms of Use)

Description Ken Ganong 2005-07-18 19:01:17 UTC
Very similar to Actions, Servers were only using the org to decide if we could
look them up.  The result is that users with no servers assigned to them can
manage servers in the SDC by typing in the appropriate url with sid.

Comment 1 Mike McCune 2005-07-22 21:18:53 UTC
Ken, this is going to need a testplan.

Comment 2 Ken Ganong 2005-07-25 13:24:50 UTC
Sequester an org with at least two users and one system in which one user has
access to the server and the other user does not.  Note:  In order for a user to
not have access to a system, he or she must not be an org admin nor a system
group admin and must not have access to a system group that that server is in. 
A user's server perms can be found in Users->Click a User->Systems.

For the user which does have permission, he or she should see the system in the
System List and should be able to view and schedule actions for the system in
System Details pages.  (Systems->Systems->Click the System->Click a java link in
the middle nav (Errata, Packages))

For the user which does not have permission, go to Systems->Systems->Click a
System->modify the url so that the sid parameter equals the system id of the
inaccessible system.  None of the pages (Java or Perl) should allow you to view
the system.

Comment 3 Mike McCune 2005-07-29 23:42:00 UTC
will qa this.

Comment 4 Mike McCune 2005-07-30 01:20:30 UTC
works fine, prod_ready.


Note You need to log in before you can comment on or make changes to this bug.