Bug 1474186

Summary: [RFE] subscription-manager with Username/Password Credentials
Product: Red Hat Enterprise Linux 7
Reporter: Amogh Kulkarni <amkulkar>
Component: subscription-manager
Assignee: candlepin-bugs
Status: CLOSED WONTFIX
QA Contact: John Sefler <jsefler>
Severity: high
Docs Contact:
Priority: low
Version: 7.4
CC: aakbar, amkulkar, khowell, mihood, nrathod, pbowden, redakkan, rjerrido, seant, skallesh
Target Milestone: rc
Keywords: FutureFeature, Triaged
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1478943
Environment:
Last Closed: 2018-02-26 19:34:16 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1478943
Bug Blocks:

Description Amogh Kulkarni 2017-07-24 05:46:00 UTC
1. Proposed title of this feature request

Subscription-Manager with Username/Password Credentials.

2. What is the nature and description of the request?

Customer has created the support case 01716708 in which he has raised security concerns in RHSM as follows:

a. Once he registers and subscribes a system, his end customers, having root privilege, can manipulate subscriptions/entitlements. This, from his point of view, is a security breach and a major security violation, as a root user can manipulate entitlements.

b. He needs to avoid this, or he needs Red Hat to modify Subscription-Manager so that authentication is requested every time his end customer tries to manipulate a subscription.


3. Why does the customer need this? (List the business requirements here)

As was present with RHN Classic, the customer needs this functionality with RHSM because the customer (Stan Hornyak) has end customers and, to safeguard subscriptions and prevent misuse of his entitlements, needs this functionality implemented in Subscription-manager.

4. How would the customer like to achieve this? (List the functional requirements here)

Modify Subscription-manager such that it prompts for the Username/Password credentials whenever a user tries to attach or remove subscriptions.

Or, only Org-Admins have the privilege to manipulate subscriptions, rather than the other users.

5. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

Customer is happy to test this functionality within his environment, with Satellite or normal Products.

6. Is there already an existing RFE upstream or in Red Hat Bugzilla?

NO.

7. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?

URGENT

8. Is the sales team involved in this request and do they have any additional input?

NO.

9. List any affected packages or components.

subscription-manager, python-rhsm, subscription-manager-gui 

10. Would the customer be able to assist in testing this functionality if implemented?

YES.

Comment 2 Pete Bowden 2017-09-07 20:25:37 UTC
I also have a customer who is requesting the same functionality in the portal. In addition, they would like the ability to give a specific user access to a subset of subscriptions without having access to the other subscriptions that are tied to an account, e.g. "Here are two RHEL subs, do what you want with them, but you can't use the other 40 that belong to the primary account".

Comment 6 Rich Jerrido 2018-02-26 19:34:16 UTC
This capability has been evaluated by the product management team, and we have decided not to implement this capability. It is recommended that the customer leverage an on-premise Satellite server with multi-org support.