Chapter 17. Users and Roles

A User defines a set of details for individuals using the system. Users can be associated with organizations and environments, so that when they create new entities, the default settings are automatically used. Users can also have one or more roles attached, which grants them rights to view and manage organizations and environments. See Section 17.1, “Creating and Managing Users” for more information on working with users.
You can manage permissions of several users at once by organizing them into user groups. User groups themselves can be further grouped to create a hierarchy of permissions. See Section 17.2, “Creating User Groups” for more information on creating user groups.
Roles define a set of permissions and access levels. Each role contains one on more permission filters that specify the actions allowed for the role. Actions are grouped according to the Resource type. Once a role has been created, users and user groups can be associated with that role. This way, you can assign the same set of permissions to large groups of users. Red Hat Satellite provides a set of predefined roles and also enables creating custom roles and permission filters as described in Section 17.3, “Creating and Managing Roles”.

17.1. Creating and Managing Users

For the administrator, Red Hat Satellite provides the ability to create, modify, and remove users. Also, it is possible to configure access permissions through assigning roles to users.

17.1.1. Creating a User

The following steps show how to create a user:

Procedure 17.1. To Create a User:

  1. Navigate to AdministerUsers and then click New User.
  2. Enter the required details on the User tab.
  3. On the Locations tab, select the required locations for this user.
  4. On the Organizations tab, select the required organizations for this user.
  5. On the Roles tab, select the required roles for this user. Active roles are displayed in the right panel.
  6. Click Submit to create the user.

17.1.2. Editing a User

The following steps show how to edit details of an existing user:

Procedure 17.2. To Edit an Existing User:

  1. Navigate to AdministerUsers.
  2. Click the user name of the user to be altered. General information about the user will appear on the right.
  3. You can modify the user's username, first name, surname, email address, default location, default organization, language, and password in the User tab.
  4. You can modify the user's assigned locations in the Locations tab.
  5. You can modify the user's assigned organizations in the Organizations tab. If no organization is selected, the user can access all available organizations.
  6. You can modify the user's assigned roles in the Roles tab.
  7. Click Save to save your changes.

17.1.3. Assigning Roles to a User

By default, a new user has no roles assigned. The following procedure describes how to assign one or more roles to a user. You can select from predefined roles, or define a custom role as described in Section 17.3.1, “Creating a Role”. You can apply a similar procedure to user groups.

Procedure 17.3. To Assign a Role to a User:

  1. Navigate to AdministerUsers.
  2. Click the user name of the user that you want to modify. General information about the user appears on the right.
  3. Click the Roles tab to display the list of available role assignments.
  4. Select role you want to assign to the user in the Roles list. The list contains the predefined roles, as well as any custom roles, see Table 17.1, “Predefined Roles Available in Red Hat Satellite”. Alternatively, select the Administrator check box to assign all available permissions to the selected user.
  5. Click Save.
To view the roles assigned to any user, access the Roles tab as described in the first three steps of the above procedure. To remove a role, click the role name in the Selected items list in the Roles tab.

17.1.4. Configuring Email Notifications

The following procedure shows how to configure email notifications.

Procedure 17.4. To Configure Email Notifications:

  1. Navigate to AdministerUsers.
  2. Click the user name of the user you want to edit.
  3. On the Mail Preferences tab, select Mail enabled to enable updates.
  4. Select the type of notifications the user will receive. The following notification types are available:
    • Puppet error state is a notification sent after a host reports an error related to Puppet. To enable these notifications, select Subscribe from the drop-down menu.
    • Puppet summary is a summary of Puppet reports. Choose the frequency of emails from the drop-down list that offers Daily, Weekly, or Monthly updates.
    • Satellite Host Advisory is a summary of applicable and installable errata for hosts managed by the user. Choose the frequency of emails from the drop-down list that offers Daily, Weekly, or Monthly updates.
    • Satellite Promote Errata is a notification sent only after a content view promotion. It contains a summary of errata applicable and installable to hosts registered to the promoted content view. This allows you to monitor what updates have been applied to which hosts. To enable these notifications, select Subscribe from the drop-down menu.
    • Satellite Sync Errata is a notification sent only after synchronizing a repository. It contains a summary of new errata introduced by the synchronization. To enable these notifications, select Subscribe from the drop-down menu.
  5. Click Submit.
The configuration of outgoing emails from the Satellite server is stored in /etc/foreman/email.yaml. You can select to deliver messages through an SMTP server or using the sendmail command. For example, the following configuration uses SMTP as a delivery method: 
production:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      address: smtp.example.com
      port: 25
      domain: example.com
      authentication: :login
      user_name: satellite@example.com
      password: satellite
The user_name and password directives specify the login credentials for the SMTP server. The default /etc/foreman/email.yaml contains authentication: :none.
The following example uses gmail.com as an SMTP server: 
production:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      enable_starttls_auto: true
      address: "smtp.gmail.com" 
      port: '587'
      domain: "smtp.gmail.com" 
      authentication: :plain
      user_name: "user@gmail.com" 
      password: "password"

Note

If your SMTP server uses TLS authentication, perform one of the following steps:
  • Mark the CA certificate of the SMTP server as trusted. To do so, execute the following commands on the Satellite server: 
    # cp mailca.crt /etc/pki/ca-trust/source/anchors/
# update-ca-trust enable
# update-ca-trust
    Where mailca.crt is the CA certificate of the SMTP server.
  • Alternatively, add the following directive to /etc/foreman/email.yaml under smtp_settings: 
    enable_starttls_auto: :false
The following example uses the sendmail command as a delivery method: 
production:
  email_delivery:
    delivery_method: :sendmail
    sendmail_settings:
      arguments: "-i -t -G"
You can use the arguments directive to pass command-line options to sendmail, default value of arguments is "-i -t". For more information see the sendmail(1) man page.

Important

After updating the /etc/foreman/email.yaml file, run the following command to apply the changes: 
# katello-service restart
You can set the additional email settings, such as the reply address or subject prefix, in Satellite GUI at AdministerSettings under the General tab.

17.1.5. Removing a User

The following procedure describes how to remove an existing user.

Procedure 17.5. To Remove a User:

  1. On the main menu, click AdministerUsers to open the Users page.
  2. Click the Delete link to the right of the username you want to delete.
  3. In the alert box, click OK to delete the user.