Hide Forgot
Created attachment 1228139 [details] shows user + roles Description of problem: I'm working on setting least privileges for a user to create a hostrecord using the bootstrap.py script. To do so, I created a user deployit, gave the user the viewer role. I also created a new role, called deployer and gave that role the create hosts privilege in Sat6.2. If I then log into the gui with the user, all HG's are visible. If I then request the same information using hammer or curl, the user cannot see all the hostgroups. Now, this would not be an issue, but I want the user to use a specific hostgroup when executing the bootsrap.py script. This doesn't work as the user cannot find the HG through the api calls the script does. All is fine when using the admin user. Version-Release number of selected component (if applicable): RHEL7.3, Sat 6.2.4 How reproducible: In customer site and in lab. Steps to Reproduce: Deploy sat6.2.4, config LCE, add Subs, create CV, add AKs, setup HGs with some nested children. (see screenshots). The create user with mentioned privileges. See attachments for results. Actual results: Only 2 HGs visible. Expected results: Expected al HGs as in GUI. Additional info: See attachments
Created attachment 1228140 [details] extra role for user
Created attachment 1228141 [details] view oif CVs in GUI with admin user
Created attachment 1228142 [details] view of CVs with viewer user
Created attachment 1228143 [details] output of curl commands 1
Created attachment 1228145 [details] hammer command for both admin and viewer user.
Could you please try to check if specifying the organization and location helps? Try running the command as user like this hammer hostgroup list --organization RedHat --location MtH if it helps, you should be able to define default org and loc for the user.
Hi Marek, That works, but it does not help when if it is not specified, when the default org/loc for the user is set. [mtenheuv@satellite62 ~]$ hammer hostgroup list --organization RedHat --location MtH ---|----------------|--------------------------|------------------------------------------|--------------------------------|------ ID | NAME | TITLE | OPERATING SYSTEM | ENVIRONMENT | MODEL ---|----------------|--------------------------|------------------------------------------|--------------------------------|------ 5 | HG_Atomic | HG_Atomic | Red Hat Enterprise Linux Atomic Host 7.2 | KT_RedHat_Library_RHEL7_base_2 | 6 | HG_Atomic_devl | HG_Atomic/HG_Atomic_devl | | | 1 | HG_Basic | HG_Basic | RedHat 7.3 | KT_RedHat_devl_RHEL7_base_2 | 2 | HG_Basic_devl | HG_Basic/HG_Basic_devl | RedHat 7.3 | KT_RedHat_devl_RHEL7_base_2 | 4 | HG_Basic_prod | HG_Basic/HG_Basic_prod | RedHat 7.3 | KT_RedHat_prod_RHEL7_base_2 | 3 | HG_Basic_quas | HG_Basic/HG_Basic_quas | | KT_RedHat_quas_RHEL7_base_2 | ---|----------------|--------------------------|------------------------------------------|--------------------------------|------ [mtenheuv@satellite62 ~]$ hammer hostgroup list ---|---------------|------------------------|------------------|-----------------------------|------ ID | NAME | TITLE | OPERATING SYSTEM | ENVIRONMENT | MODEL ---|---------------|------------------------|------------------|-----------------------------|------ 2 | HG_Basic_devl | HG_Basic/HG_Basic_devl | RedHat 7.3 | KT_RedHat_devl_RHEL7_base_2 | 4 | HG_Basic_prod | HG_Basic/HG_Basic_prod | RedHat 7.3 | KT_RedHat_prod_RHEL7_base_2 | ---|---------------|------------------------|------------------|-----------------------------|------ I upgraded to 6.2.5 recently, so this is also the case in that increment.
How did you set users default org and loc? I suppose following should do the trick > hammer defaults add --param-name organization_id --param-value RedHat > hammer defaults add --param-name organization_id --param-value MtH should do the trick. Also you can specify --provide foreman instead of --param-value which should load the default from what's set for user in Satellite DB.
(In reply to Marek Hulan from comment #11) > How did you set users default org and loc? I suppose following should do the > trick > > > hammer defaults add --param-name organization_id --param-value RedHat > > hammer defaults add --param-name organization_id --param-value MtH > > should do the trick. Also you can specify --provide foreman instead of > --param-value which should load the default from what's set for user in > Satellite DB. Well, if I do, it works. Also, the Satellite I'm running it against (still the same btw) is upgraded up 'till 6.2.10 and this is working correct without the defaults parameters as well as with the api. I think we can close this as it looks like it was fixed already.
Thanks for confirmation! I know there was some fix in hammer so that's probably it. Please reopen if you encounter it again.