Bug 211245 - "read only" user privilege in hosted and satellite
Summary: "read only" user privilege in hosted and satellite
Keywords:
Status: CLOSED DUPLICATE of bug 239405
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Other
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Todd Sanders
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2006-10-18 01:53 UTC by Matt Jamison
Modified: 2008-04-13 01:47 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-04-13 01:47:05 UTC
Target Upstream Version:
Embargoed:



Description Matt Jamison 2006-10-18 01:53:02 UTC
Our customers need the ability to have someone log into their RHN account to
audit subscriptions and other things, but the admins want to make sure they don't
touch anything.

This would call for an "audit" privilege for this user: the ability to look at
everything but not touch anything.

From a customer at the Federal Reserve Bank:

      I have an immediate need for some functionality in RHN that
      I currently do not see - thought it was there but I was
      wrong.

      Scope
      Feature request for Red Hat Network Satellite.

      Request
      The ability to create read only accounts. These
      accounts should have the ability to receive security alerts
      via email if desired, view the inventory of servers, view
      the errata and the servers impacted by the Errata. These
      read only accounts should not have the ability to change
      anything.

      Justification
      With the growing use of networks both internal and
      external and the growing risk of exposure from internal /
      external sources there is a need to address threats. Many
      potential threats come from bugs found in application code
      or even Operating System code. Red Hat releases these
      security issues in the form of Errata and updates to
      impacted packages. In many organizations the security
      group will track the potential risk of these Errata and
      then work with the Operating System Support group to
      address this risk. Typically the operating system support
      area will provide time lines for addressing the exposure
      and the security group will typically verify that the risk has
      been addressed. RHN provides a means to assess the risk by
      reporting which systems have a package, possibly vulnerable
      package, installed and a means to provide information about
      a given vulnerability. RHN can then be used to address the
      vulnerability and again security can come back and use RHN
      to verify that the list of servers impacted has been
      reduced and eventually eliminated. One thing the security
      group should not be permitted to do is make changes or
      implement a fix. Their part of the process is strictly
      verification. Today RHN does not support a verification
      account.

Comment 1 Matt Jamison 2006-10-18 12:34:10 UTC
Updated comment from customer:

This would actually be a critical feature for us. As I go through our
security review for the product this question will come up and could be
viewed as an exposure in the product. If there is a way to escalate
this please do so. If there is a way to force such a feature by
manipulating some aspect of RHN so that the current version will
support the use of read-only accounts please let me know.



Comment 3 David Mair 2008-04-13 01:47:05 UTC

*** This bug has been marked as a duplicate of 239405 ***

