ManageIQ
EvmRole-reader access to reports #22576
-
|
I have a set of users that I want to grant read-only access to reports, dashboards and provider resources. The out-of-box The If I create a custom role that is Creating a new role/group is enough so this is perfectly fine. My question here is: is it intentional to omit read access to reports in the |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
The EvmRole reader was added as a way to have a fully read-only account (See original PR #15647). It seems even then that reports were called out, but then the PR was merged anyway. I suspect that they realized that report-superadmin was the only was to add it and then left it out, but never went back to fix it. To me, this sound like we need to include |
Beta Was this translation helpful? Give feedback.
-
|
Both Since reports can be assigned to a user or group it makes sense for access to rbac to always be enforced. But as far as I can tell there is no way to set user/group ownership of a report - it's automatically assigned to the user/group who created it. This prevents a report admin from creating common reports and sharing with EvmRole-reader users. I can open an enhancement issue for this. |
Beta Was this translation helpful? Give feedback.
The EvmRole reader was added as a way to have a fully read-only account (See original PR #15647). It seems even then that reports were called out, but then the PR was merged anyway. I suspect that they realized that report-superadmin was the only was to add it and then left it out, but never went back to fix it.
To me, this sound like we need to include
miq_report_viewandmiq_report_saved_reports_view, and if those aren't working with read-only mode, then we need to update the code to support that.