Description of problem: Nowadays any user may create or delete keys using the kickstart.keys APIs. Version-Release number of selected component (if applicable): sat541 How reproducible: always Steps to Reproduce: 1. Create a simple satellite user. 2. Try to create and delete a GPG a/o SSL key using kickstart.keys API Actual results: Passed. Expected results: Only an org or config admin shall be able to modify GPG/SSL keys (at least there's such restriction in WebUI)
Tomas, please fix also cases, when specifying invalid description for delete and getDetails (NoSuchCryptoKeyException)
fixed in spacewalk master 1dae339f2c4ef314436bddc3bf9364dbf526bacd
Satellite 5.6 has been released. This bug was tracked under the release. This bug was either VERIFIED or RELEASE_PENDING (re-verified prior shortly before release). Moving to CLOSED CURRENT_RELEASE. Text from Upgrade Erratum follows: Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1395.html