Satellite 6.3 introduces a new role known as the Organization admin role, otherwise known as Org Admin.
The Org Admin role is intended to enable members of the role to have full administrator capabilities within the scope of a specified organization. The Org Admin has no visibility or awareness of other organizations that might exist within the environment, other than the ones assigned to that role.
- Users that already cross multiple organizations cannot be managed today by an Org Admin.
- The Org Admin role is not intended to fully extend into Puppet operations at this time as there are some legacy components in Puppet that make it difficult to properly limit the scope to the organization level.
- Any resources that are not scoped per organization (operating system, architecture) are not contained by the Org Admin role. This will be enhanced in future releases.
How to Create an Org Admin role
The below content comes from Example 5.1 in Section 5.4: Granular Permission Filtering in the Satellite 6.3 Administering Red Hat Satellite Guide.
This example shows how to create an administrative role restricted to a single organization named org-1.
- Navigate to Administer → Roles.
- Clone the existing Organization admin role. Select Clone from the drop-down list next to the Filters button. You are then prompted to insert a name for the cloned role, for example org-1 admin.
- Click the desired locations and organizations to associate them with the role.
- Click Submit to create the role.
- Click org-1 admin, and click Filters to view all associated filters.
The default filters work for most use cases. However, you can optionally click Edit to change the properties for each filter.
For some filters, you can enable the Override option if you want the role to be able to access resources in additional locations and organizations. For example, by selecting the Domain resource type, the Override option, and then additional locations and organizations using the Locations and Organizations tabs, you allow this role to access domains in the additional locations and organizations that are not associated with this role. You can also click New filter to associate new filters with this role.
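The following is an added example, not part of the original article or the Satellite documentation. It reviews a cloned Org Admin role for filters that reach beyond the role's own organizations, either through the Override option or because the resource type is not scoped per organization. The dictionary layout, the function name audit_role, and the resource type spellings Operatingsystem and Architecture are assumptions made for illustration; the role data is constructed.

```python
# Constructed sample: a simplified description of the cloned role and its filters.
# This layout is an assumption for the example, not Satellite's export or API schema.
ROLE = {
    "name": "org-1 admin",
    "organizations": ["org-1"],
    "filters": [
        {"resource_type": "Host", "override": False, "organizations": []},
        {"resource_type": "Domain", "override": True,
         "organizations": ["org-1", "org-2"]},
        {"resource_type": "Operatingsystem", "override": False, "organizations": []},
        {"resource_type": "Architecture", "override": False, "organizations": []},
    ],
}

# Resource types the article names as not scoped per organization
# (identifier spellings are assumed).
UNSCOPED_TYPES = {"Operatingsystem", "Architecture"}


def audit_role(role):
    """Return (resource_type, reason, extra_orgs) for every filter that is
    not contained by the role's own organizations."""
    findings = []
    role_orgs = set(role["organizations"])
    if not role_orgs:
        # A role with no organization assigned is not restricted at all.
        findings.append(("role", "no-organization", []))
    for flt in role["filters"]:
        rtype = flt["resource_type"]
        if rtype in UNSCOPED_TYPES:
            # The Org Admin role cannot contain these resources.
            findings.append((rtype, "not-org-scoped", []))
        elif flt["override"]:
            # An overriding filter uses its own organization list,
            # so compare that list against the role's.
            extra = sorted(set(flt["organizations"]) - role_orgs)
            if extra:
                findings.append((rtype, "override-extra-orgs", extra))
    return findings


if __name__ == "__main__":
    for rtype, reason, extra in audit_role(ROLE):
        print(f"{ROLE['name']}: {rtype}: {reason} {extra}")
```
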