Red Hat Training

A Red Hat training course is available for Red Hat Satellite

16.3. Creating and Managing Roles

Red Hat Satellite provides a set of predefined roles with permissions sufficient for standard tasks, as listed in Table 16.1, “Predefined Roles Available in Red Hat Satellite”. It is also possible to configure custom roles, and assign one or more permission filters to them. Permission filters define the actions allowed for a certain resource type. Certain Foreman plug-ins create roles automatically.

Table 16.1. Predefined Roles Available in Red Hat Satellite

RoleDescription[a]
Anonymous The set of permissions that every user is granted, irrespective of any other roles.
Discovery manager View, provision, edit, and destroy discovered hosts and manage discovery rules.
Discovery reader View hosts and discovery rules.
Boot disk access Download the boot disk.
Red Hat Access Logs View the log viewer and the logs.
Manager A most extensive set of permissions, the majority of actions from each resource type is enabled.
Edit partition tables View, create, edit and destroy partition tables.
View hosts View hosts.
Edit hosts View, create, edit, destroy, and build hosts.
Viewer A passive role that provides the ability to view the configuration of every element of the Satellite structure, logs, and statistics.
Site manager A restrained version of the Manager role.
Tasks manager View and edit Foreman tasks.
Tasks reader View Foreman tasks.
[a] The exact set of allowed actions associated with predefined roles can be viewed by the privileged user as described in Section 16.3.3, “Viewing Permissions Assigned to a Role”.

16.3.1. Creating a Role

The following steps show how to create a role.

Procedure 16.6. To Create a Role:

  1. Navigate to AdministerRoles.
  2. Click New Role.
  3. Provide a Name for the role.
  4. Click Submit to save your new role.
To serve its purpose, a role must contain permissions. After creating a role, proceed to Section 16.3.2, “Adding Permissions to an Existing Role”.

Note

Cloning an existing role is a time-saving method of role creation, especially if you want to create a new role that is a variation of an existing permission set. To clone a role, navigate to AdministerRoles and select Clone from the drop-down list to the right of the role to be copied. Select the name for the new role and alter the permissions as needed.

16.3.2. Adding Permissions to an Existing Role

The following steps show how to add permissions to a role.

Procedure 16.7. To Add Permissions to a Role:

  1. Navigate to AdministerRoles.
  2. Select Add Permission from the drop-down list to the right of the required role.
  3. Select the Resource type from the drop-down list. The (Miscellaneous) group gathers permissions that are not associated with any resource group.
  4. Click the permissions you want to select from the Permission list.
  5. Select whether the permission is Unlimited. This option is selected by default, which means that the permission is applied on all resources of the selected type. When you disable the Unlimited check box, the Search field activates. In this field you can specify further filtering with use of the Red Hat Satellite 6 search syntax. See Section 16.4, “Granular Permission Filtering” for details.
  6. Click Next.
  7. Click Submit to save changes.

16.3.3. Viewing Permissions Assigned to a Role

The following steps show how to view permissions assigned to an existing role.

Procedure 16.8. To View Permissions of a Role:

  1. Navigate to AdministerRoles.
  2. Click Filters to the right of the required role to get to the Filters page.
The Filters page contains a table of permissions assigned to a role grouped by the resource type.

16.3.4. Removing a Role

The following steps show how to remove an existing role.

Procedure 16.9. To Remove a Role:

  1. Navigate to AdministerRoles.
  2. Select Delete from the drop-down list to the right of the role to be deleted.
  3. In an alert box that appears, click OK to delete the role.