Chapter 7. Managing Users and Permissions
For the administrator, Red Hat Satellite provides the ability to create, modify, and remove users. Also, it is possible to configure access permissions through assigning roles to users. This section shows how to perform these tasks using
hammer. For web UI equivalents of the following procedures see Users and Roles in the Red Hat Satellite Server Administration Guide.
7.1. Creating Users
User in Red Hat Satellite defines a set of details for individuals using the system. To configure a user in Red Hat Satellite,
hammer provides the
user create and
user update commands. Create a new user with the following command:
$ hammer user create \ --login <user_name> \ --password <user_password> \ --mail <user_mail> \ --auth-source-id 1 \ --organization-ids <org_ID1>,<org_ID2>...
--auth-source-id 1 setting means that the user is authenticated internally, you can specify an external authentication source as an alternative. Add the
--admin option to grant administrator privileges to the user. Specifying organization IDs is not required, you can modify the user details later using the
For more information on user related subcommands see the output of
hammer user --help.
7.2. Creating User Groups
You can manage permissions of several users at once by organizing them into user groups. User groups themselves can be further grouped to create a hierarchy of permissions. Use the following command to create a new user group:
$ hammer user-group create --name <usergroup_name>
To add a user to a user group, issue the following command:
$ hammer user-group add-user --user <user_name> --id <usergroup_id>
Find the user group ID by executing
hammer user-group list. Similarly, you can add user groups using the
add-user-group subcommand. For more information on operations related to user groups see the output of
hammer user-group --help.
7.3. Creating Roles
Roles in Red Hat Satellite define a set of permissions and access levels. Satellite provides a number of predefined roles, to view them, enter the following command:
$ hammer role list
To view permissions associated with a role, issue the following command:
$ hammer role filters --id <role_id>
Here, <role_id> is the ID of the role from the output of
hammer role list.
To create a custom role, issue the following command:
$ hammer role create --name <role_name>
Add a permission filter to the role with the following command:
$ hammer filter create \ --role <role_name> \ --permission-ids <perm_ID1>,<perm_ID2>...
Find the permissions to be added to the role by using
hammer filter available-permissions. For details on roles and permissions see the output of
hammer role --help and
hammer filter --help.
Example 7.1. Granular Permission Filtering
Red Hat Satellite provides the ability to limit the configured user permissions to selected instances of a resource type. Use the
--search option to limit permission filters, for example:
$ hammer filter create \ --permission-ids 91 \ --search "name ~ ccv*" \ --role qa-user
The above command adds to the qa-user role a permission to view, create, edit, and destroy Content Views that only applies to Content Views with name starting with
ccv. See Granular Permission Filtering in the Satellite Server Administration Guide for more information.
7.4. Assigning Roles to Users
To assign a role to a user, issue the following command:
$ hammer user add-role --id <user_id> --role <role_name>
Similarly, you can assign a role to a user group:
$ hammer user-group add-role --id <usergroup_id> --role <role_name>