Bug 1380038

Summary: The virt-who Satellite user shouldn't require Administrator permissions
Product: Red Hat Satellite Reporter: Sean O'Keeffe <sokeeffe>
Component: Docs Virtual Instances GuideAssignee: Tahlia Richardson <trichard>
Status: CLOSED NOTABUG QA Contact: satellite-doc-list
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2.0CC: dvoss, greartes, jcallaha, mcorr
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-09-11 15:18:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Sean O'Keeffe 2016-09-28 14:54:28 UTC 
Description of problem:
The virt-who documentation at https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/virtual-instances-guide/chapter-5-configuration-and-services say:
"In the Satellite web UI, create a user on the Satellite Server with Administrator access."

This does seem to be the case, creating a user with create_hosts/content_hosts & edit_hosts/content_hosts gives permission denied errors. This is stupid and insecure, we should allow this to work with the permissions above or create a new virt-who permission that works.

It would also be nice ship Satellite with a per-definded role for virt-who

Version-Release number of selected component (if applicable):
6.2

How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:
the Virt-who satellite user requires admin rights 


Expected results:
virt-who user does require admin rights


Additional info:
Comment 2 Sean O'Keeffe 2017-01-05 14:19:01 UTC 
I've just tested this on katello nightly and cannot reproduce it anymore. All that is required it the user has "create_hosts" permission. I'm also fairly sure this will have has been fixed in 6.3, could someone test that please? 

Moving to Doc bug.
Comment 4 Tahlia Richardson 2019-09-11 15:18:05 UTC 
It looks like this is no longer a bug, as https://access.redhat.com/documentation/en-us/red_hat_satellite/6.5/html-single/virtual_instances_guide/index#authentication_requirements says "Every virt-who configuration, created using either the Satellite web UI or hammer, creates a unique service user for virt-who authentication. The user is named virt_who_reporter$id and has a randomly generated password. The virt-who user is assigned the Virt-who Reporter role, which provides minimal permissions, allowing the user to only perform virt-who reporting."

If there are any issues with the current authentication information, however, please do let us know.