Managing User Access to the Red Hat Customer Portal and the Red Hat Network Application

Red Hat Customer Portal 1

Creating and Configuring User Accounts

Edition 4

Red Hat Global Support Services

Abstract

User-account logins for the Red Hat Customer Portal and the Red Hat Network (RHN) application are unified under a Single Sign-On (SSO) system. This guide describes the User Management application that allows you to create and configure user accounts to separately control access to resources and functionality for both the Red Hat Customer Portal and the RHN application.

Chapter 1. Basic User Management

This chapter describes how to create new user accounts, change user settings and permissions, and deactivate user accounts.

1.1. Accessing the User Management Application

The User Management application allows you to create and configure user accounts to separately control access to resources and functionality for both the Red Hat Customer Portal and the Red Hat Network (RHN) application.
  1. Log into the Customer Portal as an Organization Administrator.

    Note

    Only an RHN user whose account has been configured with the role of Organization Administrator can create and configure RHN and Red Hat Customer Portal user accounts. RHN Organization Administrators have unlimited access to RHN resources and functionality, and they have root privileges for all systems assigned to their organization on RHN. All other RHN users can access only the systems assigned to them and can use RHN to perform only the tasks associated with their assigned Roles. For more information on user roles, see Section 1.3.1.4, “Access Permissions Tab” below or section 6.9.1.1.1 of the RHN Reference Guide.
  2. In the upper-right corner of the Customer Portal, click your user name and choose Account Settings.
    You will see the following screen:
    Organization Administrator Dashboard

    Figure 1.1. Organization Administrator Dashboard

    Note

    If you cannot see the User Management link on the right side of this page, you do not have permissions to create and configure online user accounts for RHN and the Red Hat Customer Portal. Please see your RHN Organization Administrator to change the permissions for your user account.
  3. Click User Management to display a list of user accounts that have been configured for your organization.
    You will see the following screen:
    User List

    Figure 1.2. User List

1.2. Creating New User Accounts

You can create a new user manually, or you can bulk upload a list of users.

1.2.1. Creating a Single New User Account

To create a single new user account for the RHN and Red Hat Customer Portal applications, click Add new user in the upper-right corner of the User List page (shown above). You will be taken to the initial configuration page for the new account:
Adding a New User

Figure 1.3. Adding a New User

Complete the information for the new user account and click Save. For more information on roles, see Section 1.3.1.4, “Access Permissions Tab” below.

1.2.2. Creating Multiple New User Accounts

To create multiple new user accounts for the RHN and Red Hat Customer Portal applications, click Upload new users in the upper-right corner of the User List page. You will be taken to the CSV Upload page:
CSV Bulk Upload

Figure 1.4. CSV Bulk Upload

On this page, you can upload and preview a CSV file of new user accounts.

Note

Be sure to download the template provided on the CSV Upload page to ensure that you are using the correct format. Once your users have been created, you cannot delete them. Please double-check your file before uploading. Also, please note that no more than 100 users can be added at one time.

1.3. Changing Settings and Permissions for Existing User Accounts

To configure an existing online user account, access the User List page, select the desired user(s) you wish to modify, and click Edit.

1.3.1. Managing RHN User Access - Changing Single Settings

If you select a single user, you will see the General tab on the configuration page for the user account:
Modifying an Existing User

Figure 1.5. Modifying an Existing User

The user account configuration page has the following seven tabs:
  • General
  • Login Information
  • User Preferences
  • Access Permissions
  • System Groups
  • Systems
  • Chanel Permissions
The next subsections describe these tabs in more detail.

1.3.1.1. General Tab

On the General tab (shown above), you can enter the user's name, job title, department name/number, and contact information. Click Save at the bottom of the page to apply your changes.
This page also displays history information about when the user was created and when the user's information was last updated.

1.3.1.2. Login Information Tab

Use the Login Information tab to change the password for the user account. Enter the new password twice and click Save to change the password.

Note

You cannot change the user name for an existing user account.
Changing a User's Password

Figure 1.6. Changing a User's Password

1.3.1.3. User Preferences Tab

Use the User Preferences tab to select the language and time zone for the RHN and Red Hat Customer Portal applications. Click Save to apply your changes.
Changing a User's Preferences

Figure 1.7. Changing a User's Preferences

1.3.1.4. Access Permissions Tab

Use the Access Permissions tab to control the user's access to resources and functionality for the Red Hat Customer Portal and the RHN application. Permissions for each environment are controlled separately, as described below.
Changing a User's Permissions

Figure 1.8. Changing a User's Permissions

Use the Access Permissions section of this tab to configure user access permissions for the Red Hat Customer Portal. Check the boxes that correspond to the Red Hat Customer Portal resources and functionality that you want the user to be able to access. When users with restricted access permissions log into the Red Hat Customer Portal, they will be able to see all available menus. However, if those users click on a menu for which they do not have access, the Red Hat Customer Portal will display an error message.
The four checkboxes under the Access Permissions section control access to different resources on the Red Hat Customer Portal, as described in the table below.

Table 1.1. Access Permissions

Customer Portal Access Permissions Checkbox What It Controls
Manage Support Cases Allows the user to view, create, and update support cases under the Support Cases section of the Support menu.
View/Renew Subscription Information Allows the user to view account subscription and renewal information in the Subscriptions section of the Subscriptions menu.
Download Middleware Software & Updates Allows the user to access JBoss Middleware downloads. Applies only to JBoss Middleware downloads through the Red Hat Customer Portal and does not restrict access to any downloads via RHN. You can restrict access to RHN downloads via the Channel Permissions section described in Chapter 2, Advanced User Management.
Manage Your Subscriptions Allows the user to access Red Hat Certificate-Based Subscription Management under the Certificate-Based Management section of the Subscriptions menu.
View/Edit All
  • Allows the user to view and edit all the account systems under the unit and distributor tabs.
  • User can view all details on the overview page and has access to all functionality.
  • User can view all subscriptions available in inventory and take actions such as downloading certificates.
  • User can view subscription utilization page.
  • User can view and take action on all Units
    • Register systems
    • Attach subscriptions
    • Auto attach
    • Delete systems
    • View/Download certificates
    • Download/Regenerate Identity Certs
  • User can view and take action on all Subscription Management Applications
    • Register Subscription Management Applications
    • View all Subscription Management Applications
    • Update
    • Attach Subscriptions
    • Download Manifest
    • Delete Systems
    • Remove Subscriptions
    • Download/Regenerate Identity Certs
View All (for non-org admin users)
  • Allows the user to view all the account systems under the unit and distributor tabs
  • User can view all details on the overview page
  • User can view all subscriptions available in inventory and can take actions such as downloading certificates and export all to CSV.
  • User can view subscription utilization page.
  • User who can view all Units
    • Can not register a system
    • Can not attach subscriptions
    • Can not Auto attach
    • Can not Delete systems
    • View/Download certificates.
    • Download/Regenerate Identity Certs
  • User can view all Subscription Management Applications (SMA)
    • Can not Register a Subscription Management Applications
    • View all Subscription Management Applications
    • Can not Update
    • Can not attach Subscriptions
    • Can not download Manifest
    • Can not delete Systems
    • Can not remove Subscriptions
    • Can download/regenerate Identity Certs
View/Edit only mine (for non-org admin users)
  • Allows the user to view and edit only the systems under the unit and distributor tabs they have registered.
  • User can view all details on the overview page and has access to all functionality.
  • User can view all subscriptions available in inventory and take actions such as downloading certificates.
  • User can view subscription utilization page.
  • User can view and take action on only their Units
    • Register their system
    • Attaching subscriptions to their systems
    • Auto attach to their systems
    • Delete their systems
    • View/Download certificates for their systems
    • Download/Regenerate Identity Certs for their systems
User can view and take action on their SMA(Subscription Mgt Applications)
  • Register their SMA
  • View their SMA
  • Update
  • Attach Subscriptions
  • Download Manifest
  • Delete Systems
  • Remove Subscriptions
  • Download/Regenerate Identity Certs
Use the Account Roles and RHN Roles sections of this tab to configure user access permissions for the RHN application. Check the boxes that correspond to the roles that you want to assign to the RHN user. The table below briefly describes each role. For more detailed information, see section 6.9.1.1.1 of the RHN Reference Guide.

Table 1.2. User Roles

Role Title Role Responsibility/Access
Organization Administrator
This role can perform any function available within RHN or the Red Hat Customer Portal. As the master account for your organization, this user can alter the privileges of all other accounts, as well as conduct any of the tasks available to the other roles. Like the other roles, multiple Organization Administrators may exist.
While it is possible for one Organization Administrator to remove Organization Administrator rights from another user, it is impossible to remove Organization Administrator rights from the sole remaining Organization Administrator. It is possible to remove your own Organization Administrator privileges so long as you are not the last Organization Administrator.
Channel Administrator This role has complete access to the software channels and related associations within your organization. This user may change the base channels of systems, make channels globally subscribable, and create entirely new channels.
System Group Administrator This role is one step below Organization Administrator in that it has complete authority over the systems and system groups to which it is granted access. This user can create new system groups, delete any assigned systems groups, add systems to groups, and manage user access to groups.
Monitoring Administrator This role allows for the scheduling of probes and oversight of other monitoring infrastructure.
Configuration Administrator This role enables the user to manage the configuration of systems in the organization.
Activation Key Administrator This role is designed to manage your organization's collection of activation keys. This user can create, modify, and delete any key within your overarching account.
Click Save to apply your changes.

1.3.1.5. System Groups Tab

On the System Groups tab, you can use the checkboxes to set a user's access permissions to each system group. You can also select one or more default system groups for the user so that when the user registers a system, that system will be assigned to the selected group or groups.
Changing a User's Assigned System Groups

Figure 1.9. Changing a User's Assigned System Groups

1.3.1.6. Systems Tab

On the Systems tab, you can select from the systems listed for use in the System Set Manager. Click Save at the bottom of the page to apply your changes.
Changing a User's Assigned Systems

Figure 1.10. Changing a User's Assigned Systems

1.3.1.7. Channel Permissions Tab

On the Channel Permissions tab, you can find the list of channels available to your organization. You may grant explicit channel subscription permission to a user for each of the channels listed.
Changing a User's Channel Subscription Permissions

Figure 1.11. Changing a User's Channel Subscription Permissions

1.3.2. Changing Settings for Multiple Users

If you select multiple users, you will see a pop-up with checkbox selections, allowing you to edit roles for all selected users at one time. Click Apply to save your changes.
Changing Access Permissions for Multiple Users

Figure 1.12. Changing Access Permissions for Multiple Users

1.4. Deactivating and Reactivating User Accounts

To protect data integrity, a user account cannot be deleted. However, an RHN Organization Administrator can deactivate and reactivate existing user accounts as necessary.

1.4.1. Deactivating Users

To deactivate existing user accounts, select the checkbox next to the desired user name(s) on the User List page and select Deactivate to deactivate the accounts.
Deactivating Multiple Users

Figure 1.13. Deactivating Multiple Users

You can also deactivate a single user by following these steps:
  1. To deactivate an existing user account, begin by selecting the appropriate user name on the User List page and clicking Edit to display the General tab on the configuration page for the user account.
  2. In the upper-right corner of the page, click Deactivate user:
    Deactivating a User (1 of 3)

    Figure 1.14. Deactivating a User (1 of 3)

  3. Click Yes to confirm the deactivation:
    Deactivating a User (2 of 3)

    Figure 1.15. Deactivating a User (2 of 3)

  4. You will receive a confirmation message:
    Deactivating a User (3 of 3)

    Figure 1.16. Deactivating a User (3 of 3)

1.4.2. Reactivating Users

  1. To view a list of deactivated users, select the Inactive tab on the User List page.
  2. Select the desired user(s) to reactivate and select Activate.
    Reactivating Users (1 of 2)

    Figure 1.17. Reactivating Users (1 of 2)

  3. You will receive a confirmation message:
    Reactivating Users (2 of 2)

    Figure 1.18. Reactivating Users (2 of 2)

Chapter 2. Advanced User Management

The above information should be enough to get you started. However, if you need to restrict a user's download access via RHN, this section outlines the steps you should take.
  1. Unsubscribe the User from Channels

    To begin, you must first unsubscribe the user from channels.
    1. Select the desired user and navigate to the Channel Permissions tab.
    2. Click Management under the Channel Permissions tab:
      Channel Permissions

      Figure 2.1. Channel Permissions

    3. Uncheck the boxes next to all of the desired channel names.
    4. Click the Update Permissions button near the bottom of the page.
      Update Permissions

      Figure 2.2. Update Permissions

  2. Ensure Channels are Not Globally Subscribable

    You must make sure that there are no globally subscribable channels.
    1. Begin by navigating to the RHN System Set Manager and selecting Channels, as shown in the image below.
      Software Channels

      Figure 2.3. Software Channels

    2. Select Channel Details next to the desired release channel:
      Selecting Channel Details

      Figure 2.4. Selecting Channel Details

    3. Scroll down and uncheck the Globally Subscribable option:
      Globally Subscribable Option

      Figure 2.5. Globally Subscribable Option

    4. Click the Update button near the bottom of the screen.
  3. Update the User for Each Channel

    To completely remove all permissions, you must repeat Step 1 for the user and the channel that you updated in Step 2. However, you can use the Filter by Channel Name field to search for the correct channel (shown in the figure below) instead of selecting Management under the Channel Permissions tab.
    Updating User Access

    Figure 2.6. Updating User Access

    Once that is complete, repeat Step 2 and Step 3 until you have updated all the desired channels for that user.
  4. Ensure Other Users Maintain Access

    One unintended consequence of making sure that channels are not globally subscribable is that it unsubscribes other users from those channels as well. To subscribe users to channels that were previously globally subscribable, repeat Step 1 for each of those users, but check the box next to the appropriate channels to assign permissions.
  5. More Information

Legal Notice

Copyright © 2014 Red Hat, Inc..
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.