Bug 1434590

Summary: [RFE] add ability to create API-only users that cannot log in via web UI
Product: Red Hat Satellite Reporter: Chris Duryee <cduryee>
Component: AuthorizationAssignee: Marek Hulan <mhulan>
Status: CLOSED WONTFIX QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2.8CC: bkearney, jcallaha, mhulan
Target Milestone: UnspecifiedKeywords: FutureFeature
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-03 19:18:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1435022    

Description Chris Duryee 2017-03-21 21:16:21 UTC 
Description of problem:

Some customers have scripts or web forms that make calls into the Satellite API. They would like the ability to lock down the API user so that the user can make calls, but cannot log in via the web UI.

One possible way to do this may be to create a 'web access' role of some sort that users get by default. I am not sure if it's best to implement this via the regular role selector, or via a checkbox for "Allow web interface access?" similar to the "is administrator?" box. A checkbox might be better since it can be enabled by default, so its harder to forget to add it.

There may be a more intuitive way to present this to the user, the paragraph above is just one suggestion and not a hard requirement for the RFE.
Comment 1 Marek Hulan 2017-03-22 09:43:50 UTC 
Created redmine issue http://projects.theforeman.org/issues/18978 from this bug
Comment 2 Bryan Kearney 2018-10-03 19:18:44 UTC 
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Rich Jerrido or Bryan Kearney. Thank you.