Bug 1357881
Summary: | candlepin_proxies_controller still uses content_host permissions | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Justin Sherrill <jsherril> |
Component: | API - Content | Assignee: | Justin Sherrill <jsherril> |
Status: | CLOSED ERRATA | QA Contact: | Jitendra Yejare <jyejare> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.2.0 | CC: | bbuckingham, cwelton, jyejare |
Target Milestone: | Unspecified | Keywords: | Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | http://projects.theforeman.org/issues/15724 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-02-21 16:54:37 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Justin Sherrill
2016-07-19 13:06:51 UTC
Created from redmine issue http://projects.theforeman.org/issues/15724 Upstream bug assigned to jsherril Upstream bug component is API - Content Upstream bug component is API Upstream bug component is API - Content Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/15724 has been resolved. I would probably argue for this to be moved to 6.3.0, given: 1) this may break existing customers, which we don't want to do in a z-stream 2) it was done as part of the System model removal for 6.3, so it would need to be a one off patch. Previously, a user would have to use the "content_hosts" permissions to register a system, such as: create_content_hosts These should now be gone, and the user should use "create_hosts". If you create a role with create_hosts view_organizations view_lifecycle_environments you should now be able to register a system Verified ! @ Satellite 6.3 snap 29 Steps: (as per comment 11) 1. Created Org admin role that has permissions for: create_hosts(instead of create_content_hosts which is now removed) view_lifecycle_environments Added View_organizations permission 2. Create user non_admin with above role 3. Attempted to register the content host with the above user Observation: # subscription-manager register --org="Default_Organization" --username=non_admin --password=passwd Registering to: qeblade36.rhq.lab.eng.bos.redhat.com:443/rhsm Environment: Library The system has been registered with ID: 90faee8f-9ca0-478f-99f3-276e07b47bbf Hence changing the state to Verified! Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> >
> > For information on the advisory, and where to find the updated files, follow the link below.
> >
> > If the solution does not work for you, open a new bug report.
> >
> > https://access.redhat.com/errata/RHSA-2018:0336
|