Bug 1645398
| Summary: | [RFE] Add permissions to Canned admin | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Ondřej Pražák <oprazak> |
| Component: | Users & Roles | Assignee: | Ondřej Pražák <oprazak> |
| Status: | CLOSED ERRATA | QA Contact: | Sanket Jagtap <sjagtap> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.5.0 | CC: | dhlavacd, ehelms, mhulan, rjerrido, sjagtap |
| Target Milestone: | 6.5.0 | Keywords: | FutureFeature, Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-05-14 12:38:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1645396 | ||
| Bug Blocks: | |||
|
Description
Ondřej Pražák
2018-11-02 07:06:51 UTC
Created from redmine issue http://projects.theforeman.org/issues/24268 Upstream bug assigned to oprazak Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/24268 has been resolved. The changes for this are in Katello 3.9 upstream. Build: Satellite 6.5 snap8
[root@qe-sat6-feature-rhel7 ~]# hammer role info --id 4
Id: 4
Name: System admin
Builtin: no
Description: Role granting permissions for managing organizations, locations, users, usergroups, auth sources, roles, filters and settings. This is a very powerful role that can potentially gain access to all resources.
[root@qe-sat6-feature-rhel7 ~]# hammer role filters --id 4
----|------------------------|--------|------------|-----------|--------------|---------------------------------------------------------------------------------
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
----|------------------------|--------|------------|-----------|--------------|---------------------------------------------------------------------------------
86 | AuthSource | none | yes | no | System admin | view_authenticators, create_authenticators, edit_authenticators, destroy_auth...
87 | Filter | none | yes | no | System admin | view_filters, create_filters, edit_filters, destroy_filters
88 | Location | none | yes | no | System admin | view_locations, create_locations, edit_locations, destroy_locations, assign_l...
89 | Organization | none | yes | no | System admin | view_organizations, create_organizations, edit_organizations, destroy_organiz...
90 | Role | none | yes | no | System admin | view_roles, create_roles, edit_roles, destroy_roles
91 | (Miscellaneous) | none | yes | no | System admin | escalate_roles
92 | Setting | none | yes | no | System admin | view_settings, edit_settings
93 | Usergroup | none | yes | no | System admin | view_usergroups, create_usergroups, edit_usergroups, destroy_usergroups
94 | User | none | yes | no | System admin | view_users, create_users, edit_users, destroy_users
208 | Katello::ContentView | none | yes | no | System admin | create_content_views
209 | Katello::KTEnvironment | none | yes | no | System admin | create_lifecycle_environments
----|------------------------|--------|------------|-----------|--------------|---------------------------------------------------------------------------------
I am also able to use the permissions to successfully create Organizations
hammer> user create --auth-source-id="1" --firstname="VzkJLVaVag" --lastname="EsiloJXIQt" --login="testsys" --mail="ZCKsBzyjuh" --password=aa --organization-ids=1 --role-ids="4" --location-ids=2
User [testsys] created.
hammer> user info --login testsys
Id: 54
Login: testsys
Name: VzkJLVaVag EsiloJXIQt
Email: ZCKsBzyjuh
Admin: no
Last login:
Authorized by: Internal
Effective admin: no
Locale: default
Timezone: default
Description:
Default organization:
Default location:
Roles:
System admin
User groups:
Inherited User groups:
Locations:
Default Location
Organizations:
Default Organization
testorg
Created at: 2018/12/19 06:06:11
Updated at: 2018/12/19 06:06:11
hammer> role info --id 4
Id: 4
Name: System admin
Builtin: no
Description: Role granting permissions for managing organizations, locations, users, usergroups, auth sources, roles, filters and settings. This is a very powerful role that can potentially gain access to all resources.
hammer> exit
[root@qe-sat6-feature-rhel7 ~]# hammer -u testsys -p aa shell
hammer> auth status
Using configured credentials for user 'testsys'.
hammer> organization create --name testorg
Organization created.
hammer> organization list
---|----------------------|----------------------|-------------|----------------------|------------
ID | TITLE | NAME | DESCRIPTION | LABEL | DESCRIPTION
---|----------------------|----------------------|-------------|----------------------|------------
1 | Default Organization | Default Organization | | Default_Organization |
34 | testorg | testorg | | testorg |
---|----------------------|----------------------|-------------|----------------------|------------
hammer> organization info --id 34
Id: 34
Title: testorg
Name: testorg
Description:
Users:
testsys
Smart proxies:
<snip>
Subnets:
Compute resources:
Installation media:
Templates:
Alterator default (provision)
<snip>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:1222 |