Katello needs to add permissions to 'Canned admin' role so that this role is able to create organizations.
Created from redmine issue http://projects.theforeman.org/issues/24268
Upstream bug assigned to oprazak
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/24268 has been resolved.
The changes for this are in Katello 3.9 upstream.
Build: Satellite 6.5 snap8 [root@qe-sat6-feature-rhel7 ~]# hammer role info --id 4 Id: 4 Name: System admin Builtin: no Description: Role granting permissions for managing organizations, locations, users, usergroups, auth sources, roles, filters and settings. This is a very powerful role that can potentially gain access to all resources. [root@qe-sat6-feature-rhel7 ~]# hammer role filters --id 4 ----|------------------------|--------|------------|-----------|--------------|--------------------------------------------------------------------------------- ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS ----|------------------------|--------|------------|-----------|--------------|--------------------------------------------------------------------------------- 86 | AuthSource | none | yes | no | System admin | view_authenticators, create_authenticators, edit_authenticators, destroy_auth... 87 | Filter | none | yes | no | System admin | view_filters, create_filters, edit_filters, destroy_filters 88 | Location | none | yes | no | System admin | view_locations, create_locations, edit_locations, destroy_locations, assign_l... 89 | Organization | none | yes | no | System admin | view_organizations, create_organizations, edit_organizations, destroy_organiz... 90 | Role | none | yes | no | System admin | view_roles, create_roles, edit_roles, destroy_roles 91 | (Miscellaneous) | none | yes | no | System admin | escalate_roles 92 | Setting | none | yes | no | System admin | view_settings, edit_settings 93 | Usergroup | none | yes | no | System admin | view_usergroups, create_usergroups, edit_usergroups, destroy_usergroups 94 | User | none | yes | no | System admin | view_users, create_users, edit_users, destroy_users 208 | Katello::ContentView | none | yes | no | System admin | create_content_views 209 | Katello::KTEnvironment | none | yes | no | System admin | create_lifecycle_environments ----|------------------------|--------|------------|-----------|--------------|--------------------------------------------------------------------------------- I am also able to use the permissions to successfully create Organizations hammer> user create --auth-source-id="1" --firstname="VzkJLVaVag" --lastname="EsiloJXIQt" --login="testsys" --mail="ZCKsBzyjuh" --password=aa --organization-ids=1 --role-ids="4" --location-ids=2 User [testsys] created. hammer> user info --login testsys Id: 54 Login: testsys Name: VzkJLVaVag EsiloJXIQt Email: ZCKsBzyjuh Admin: no Last login: Authorized by: Internal Effective admin: no Locale: default Timezone: default Description: Default organization: Default location: Roles: System admin User groups: Inherited User groups: Locations: Default Location Organizations: Default Organization testorg Created at: 2018/12/19 06:06:11 Updated at: 2018/12/19 06:06:11 hammer> role info --id 4 Id: 4 Name: System admin Builtin: no Description: Role granting permissions for managing organizations, locations, users, usergroups, auth sources, roles, filters and settings. This is a very powerful role that can potentially gain access to all resources. hammer> exit [root@qe-sat6-feature-rhel7 ~]# hammer -u testsys -p aa shell hammer> auth status Using configured credentials for user 'testsys'. hammer> organization create --name testorg Organization created. hammer> organization list ---|----------------------|----------------------|-------------|----------------------|------------ ID | TITLE | NAME | DESCRIPTION | LABEL | DESCRIPTION ---|----------------------|----------------------|-------------|----------------------|------------ 1 | Default Organization | Default Organization | | Default_Organization | 34 | testorg | testorg | | testorg | ---|----------------------|----------------------|-------------|----------------------|------------ hammer> organization info --id 34 Id: 34 Title: testorg Name: testorg Description: Users: testsys Smart proxies: <snip> Subnets: Compute resources: Installation media: Templates: Alterator default (provision) <snip>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:1222