our customers need the ability to have someone log into their rhn account to audit subscriptions and other things but the admins want to make sure they don't touch anything. This would call for an "audit" privilege for this user. the ability to look at everything but not touch anything. from a customer at the federal reserve bank: I have an immediate need for some functionality in RHN That I currently do not see - thought it was there but I was wrong. Scope Feature request for Red Hat Network Satellite. Request � � � � The ability to create read only accounts. �These accounts should have the ability to receive security alerts via email if desired, view the inventory of servers, view the errata and the servers impacted by the Errata. �These read only accounts should not have the ability to change anything. Justification � � � � With the growing use of networks both internal and external and the growing risk of exposure from internal / external sources there is a need to address threats. �Many potential threats come from bugs found in application code or even Operating System code. �Red Hat releases these security issues in the form of Errata and updates to impacted packages. �In many organizations the security group will track the potential risk of these Errata and then work with the Operating System Support group to address this risk. �Typically the operating system support area will provide time lines for addressing the exposure and the security group will typical verify that the risk as been addressed. �RHN provides a means to assess the risk by reporting which systems have a package, possibly vulnerable package, installed and a means to provide information about a given vulnerability. �RHN can then be used to address the vulnerability and again security can come back and use RHN to verify that the list of servers impacted has been reduced and eventually eliminated. �One thing the security group should not be permitted to do is make changes or implement a fix. �There part of the process is strictly verification. �Today RHN does not support a verification account..
updated comment from customer: This would actually be a critical feature for us. �As I go through our security review for the product this question will come up and could be viewed as a exposure in the product. �If there is a way to escalate this please do so. �If there is a way to force such a feature by manipulating some aspect of RHN so that the current version will support the use of read-only accounts please let me know.
*** This bug has been marked as a duplicate of 239405 ***