Bug 1645398

Summary: [RFE] Add permissions to Canned admin
Product: Red Hat Satellite Reporter: Ondřej Pražák <oprazak>
Component: Users & RolesAssignee: Ondřej Pražák <oprazak>
Status: CLOSED ERRATA QA Contact: Sanket Jagtap <sjagtap>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.5.0CC: dhlavacd, ehelms, mhulan, rjerrido, sjagtap
Target Milestone: 6.5.0Keywords: FutureFeature, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-14 12:38:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1645396    
Bug Blocks:    

Description Ondřej Pražák 2018-11-02 07:06:51 UTC
Katello needs to add permissions to 'Canned admin' role so that this role is able to create organizations.

Comment 1 Ondřej Pražák 2018-11-02 07:06:56 UTC
Created from redmine issue http://projects.theforeman.org/issues/24268

Comment 2 Ondřej Pražák 2018-11-02 07:07:00 UTC
Upstream bug assigned to oprazak

Comment 3 Satellite Program 2018-11-08 23:05:50 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/24268 has been resolved.

Comment 4 Brad Buckingham 2018-12-10 21:00:28 UTC
The changes for this are in Katello 3.9 upstream.

Comment 5 Sanket Jagtap 2018-12-20 14:50:45 UTC
Build: Satellite 6.5 snap8 

[root@qe-sat6-feature-rhel7 ~]# hammer role info --id 4
Id:          4
Name:        System admin
Builtin:     no
Description: Role granting permissions for managing organizations, locations, users, usergroups, auth sources, roles, filters and settings. This is a very powerful role that can potentially gain access to all resources.

[root@qe-sat6-feature-rhel7 ~]# hammer role filters --id 4
----|------------------------|--------|------------|-----------|--------------|---------------------------------------------------------------------------------
ID  | RESOURCE TYPE          | SEARCH | UNLIMITED? | OVERRIDE? | ROLE         | PERMISSIONS                                                                     
----|------------------------|--------|------------|-----------|--------------|---------------------------------------------------------------------------------
86  | AuthSource             | none   | yes        | no        | System admin | view_authenticators, create_authenticators, edit_authenticators, destroy_auth...
87  | Filter                 | none   | yes        | no        | System admin | view_filters, create_filters, edit_filters, destroy_filters                     
88  | Location               | none   | yes        | no        | System admin | view_locations, create_locations, edit_locations, destroy_locations, assign_l...
89  | Organization           | none   | yes        | no        | System admin | view_organizations, create_organizations, edit_organizations, destroy_organiz...
90  | Role                   | none   | yes        | no        | System admin | view_roles, create_roles, edit_roles, destroy_roles                             
91  | (Miscellaneous)        | none   | yes        | no        | System admin | escalate_roles                                                                  
92  | Setting                | none   | yes        | no        | System admin | view_settings, edit_settings                                                    
93  | Usergroup              | none   | yes        | no        | System admin | view_usergroups, create_usergroups, edit_usergroups, destroy_usergroups         
94  | User                   | none   | yes        | no        | System admin | view_users, create_users, edit_users, destroy_users                             
208 | Katello::ContentView   | none   | yes        | no        | System admin | create_content_views                                                            
209 | Katello::KTEnvironment | none   | yes        | no        | System admin | create_lifecycle_environments                                                   
----|------------------------|--------|------------|-----------|--------------|---------------------------------------------------------------------------------


I am also able to use the permissions to successfully create Organizations 



hammer>  user create --auth-source-id="1" --firstname="VzkJLVaVag" --lastname="EsiloJXIQt" --login="testsys" --mail="ZCKsBzyjuh" --password=aa --organization-ids=1 --role-ids="4" --location-ids=2
User [testsys] created.

hammer> user info --login testsys
Id:                    54
Login:                 testsys
Name:                  VzkJLVaVag EsiloJXIQt
Email:                 ZCKsBzyjuh
Admin:                 no
Last login:            
Authorized by:         Internal
Effective admin:       no
Locale:                default
Timezone:              default
Description:           
Default organization:  
Default location:      
Roles:                 
    System admin
User groups:           

Inherited User groups: 

Locations:             
    Default Location
Organizations:         
    Default Organization
    testorg
Created at:            2018/12/19 06:06:11
Updated at:            2018/12/19 06:06:11


hammer> role info --id 4
Id:          4
Name:        System admin
Builtin:     no
Description: Role granting permissions for managing organizations, locations, users, usergroups, auth sources, roles, filters and settings. This is a very powerful role that can potentially gain access to all resources.

hammer> exit
[root@qe-sat6-feature-rhel7 ~]# hammer -u testsys -p aa shell

hammer> auth status
Using configured credentials for user 'testsys'.
hammer> organization create --name testorg
Organization created.
hammer> organization list 
---|----------------------|----------------------|-------------|----------------------|------------
ID | TITLE                | NAME                 | DESCRIPTION | LABEL                | DESCRIPTION
---|----------------------|----------------------|-------------|----------------------|------------
1  | Default Organization | Default Organization |             | Default_Organization |            
34 | testorg              | testorg              |             | testorg              |            
---|----------------------|----------------------|-------------|----------------------|------------
hammer> organization info --id 34
Id:                     34
Title:                  testorg
Name:                   testorg
Description:            
Users:                  
    testsys
Smart proxies:          
    <snip>
Subnets:                

Compute resources:      

Installation media:     

Templates:              
    Alterator default (provision)
<snip>

Comment 7 errata-xmlrpc 2019-05-14 12:38:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222