From 1b7d5bd34b3d5851bd7f10d73578cd69e80657d3 Mon Sep 17 00:00:00 2001
From: lpichler <lpichler@redhat.com>
Date: Mon, 30 Jan 2017 11:46:15 +0100
Subject: [PATCH] Restrict list of roles by RBAC

---
 app/controllers/ops_controller/ops_rbac.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/ops_controller/ops_rbac.rb b/app/controllers/ops_controller/ops_rbac.rb
index af28920c8309..691bfe279107 100644
--- a/app/controllers/ops_controller/ops_rbac.rb
+++ b/app/controllers/ops_controller/ops_rbac.rb
@@ -1112,6 +1112,7 @@ def rbac_group_set_form_vars
     # Build roles hash
     @edit[:roles]["<Choose a Role>"] = nil if @record.id.nil?
     MiqUserRole.all.each do |r|
+    Rbac::Filterer.filtered(MiqUserRole).each do |r|
       @edit[:roles][r.name] = r.id
     end
     if @group.miq_user_role.nil? # If adding, set to first role