Add permissions to environment and content hosts and implement the lockin based of the following criteria Rules of the Game To register a system one needs 1) create_content_hosts (under content hosts resource) 2) register_content_hosts_to_content_views 3) view_content_views 4) register_content_hosts_to_environments
Created from redmine issue http://projects.theforeman.org/issues/5911
slight modification on the rules To register a system one needs 1) create_content_hosts (under content hosts resource) 2) view_content_views for the content view being registered ot 3) view_environments for the environment being registered to
commit # 85af6d026e3e9fad13d8fdf7bb589a8e986e32ff
I'm assuming, here we were discussing about what permissions a normal user should have for registering content-host with sat6 server ? Based on above assumption, I created a user 'test' and a role. Added following permissions to newly created role.. - create_content_hosts - view_content_views - view_environments Assign the role to new user 'test'. and tried registration as below: [root@vodka ~]# subscription-manager register --username test --password redhat --env dev/cv-rhel65-ks The system has been registered with ID: 27123905-b58d-47e3-bb32-8418b7fe2fb0 [root@vodka ~]# System was registered successfully.
@Eric: I tried to verify this bz with sat6 beta snap9 compose2. Please see comment8 for verification steps. Please correct me if my assumptions are incorrect as in comment8.
Sachin, That looks good to me. Just make sure 1) User without these perms cant register. 2) Also you can try creating roles that has - create_content_hosts - view_content_views specifically on view 1 - view_environments specifically on env 1 specifically try registering to that environment/content view combination. Any other combination must fail.
Thanks Partha. I tried following combination too with sat6 beta snap10. - create_content_hosts - view_content_views specifically on view 1 - view_environments specifically on env 1 I've given access of env "Dev" and cv "cv-rhel65-ks" to user test. And I was able to register host with user test with same cv and env. [root@shost ~]# subscription-manager register --username test --password redhat --env Dev/cv-rhel65-ks --org ACME_Corporation The system has been registered with ID: f290087d-b16b-4a95-9fe3-30ab0c645ab1 Also, when I used some other combination then got following: [root@shost ~]# subscription-manager register --username test --password redhat --env dev/cv-rhel65-ks --org ACME_Corporation No such environment: dev/cv-rhel65-ks Please see the permissions assigned to user via UI.
Created attachment 910821 [details] assigned perms to user
This was delivered with 6.0.3, which is the Satellite 6 Beta.
This was delivered in 6.0.3, the Beta version of Satellite 6.0