Description of problem:

User with "Ansible Tower Inventory Reader" , can view only Global Parameters but not Host parameters of Hosts


How reproducible:

100%

Steps to Reproduce:
1) Create a satellite user (user1) and assign role  "Ansible Tower Inventory Reader" to it.

2) Create hosts parameters for a host :

host_param_test1 : VALUE1
host_param_test2 : VALUE2

3) Run API call to get all parameters:

# curl -X GET -s -k -u [user1]:PASSWORD https://[SATELLITE FQDN]/api/v2/hosts/[Host ID] | jq -r '.all_parameters[].name'

Actual results:

Only the Global parameters are shown.

host_registration_remote_execution
host_registration_insights
host_packages
enable-puppet5
enable-epel
ansible_roles_check_mode


Expected results:

All parameters including Host Parameters.

host_param_test1
host_param_test2
kt_activation_keys
host_registration_remote_execution
host_registration_insights
host_packages
enable-puppet5
enable-epel
ansible_roles_check_mode



Additional info:

1) It affects all current supported satellite versions.
2) After adding "Viewer" role to the user , Host parameters can be retrieved.
3) Ansible tower users , can not import the Host parameters for satellite inventory hosts by following our official documentation for creating  non-admin users.

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.10/html/configuring_satellite_to_use_ansible/integrating-ansible-tower_ansible#adding-server-as-a-dynamic-inventory-item_ansible