Chapter 4. Users and Roles

A User defines a set of details for individuals using the system. Users can be associated with organizations and environments, so that when they create new entities, the default settings are automatically used. Users can also have one or more roles attached, which grants them rights to view and manage organizations and environments. See Section 4.1, “Creating and Managing Users” for more information on working with users.
You can manage permissions of several users at once by organizing them into user groups. User groups themselves can be further grouped to create a hierarchy of permissions. See Section 4.2, “Creating User Groups” for more information on creating user groups.
Roles define a set of permissions and access levels. Each role contains one on more permission filters that specify the actions allowed for the role. Actions are grouped according to the Resource type. Once a role has been created, users and user groups can be associated with that role. This way, you can assign the same set of permissions to large groups of users. Red Hat Satellite provides a set of predefined roles and also enables creating custom roles and permission filters as described in Section 4.3, “Creating and Managing Roles”.

4.1. Creating and Managing Users

For the administrator, Red Hat Satellite provides the ability to create, modify, and remove users. Also, it is possible to configure access permissions through assigning roles to users.

4.1.1. Creating a User

The following steps show how to create a user:

Procedure 4.1. To Create a User:

  1. Navigate to AdministerUsers and then click New User.
  2. On the User tab, enter the required details.
  3. On the Locations tab, select the required locations for this user.
  4. On the Organizations tab, select organizations accessible to this user. The current active organization is selected by default. If you specify multiple organizations, you can select the default organization for user login from the drop-down list.
  5. On the Roles tab, select the required roles for this user. Active roles are displayed in the right panel.
  6. Click Submit to create the user.

4.1.2. Editing a User

The following steps show how to edit details of an existing user:

Procedure 4.2. To Edit an Existing User:

  1. Navigate to AdministerUsers.
  2. Click the user name of the user to be altered. General information about the user will appear on the right.
  3. In the User tab, you can modify the user's user name, first name, surname, email address, default location, default organization, language, and password.
  4. In the Locations tab, you can modify the user's assigned locations.
  5. In the Organizations tab, you can modify the user's assigned organizations.
  6. In the Roles tab, you can modify the user's assigned roles.
  7. Click Save to save your changes.

4.1.3. Assigning Roles to a User

By default, a new user has no roles assigned. The following procedure describes how to assign one or more roles to a user. You can select from predefined roles, or define a custom role as described in Section 4.3.1, “Creating a Role”. You can apply a similar procedure to user groups.

Procedure 4.3. To Assign a Role to a User:

  1. Navigate to AdministerUsers. If a user account created is not listed, check that you are currently viewing the right organization. To list all users in Satellite, click Default Organization and then Any Organization. The organization view is changed to Any Context.
  2. Click the user name of the user that you want to modify. General information about the user appears on the right.
  3. Click the Locations tab, and select a location if none is assigned.
  4. Click the Organizations tab, and check that an organization is assigned.
  5. Click the Roles tab to display the list of available role assignments.
  6. Select role you want to assign to the user in the Roles list. The list contains the predefined roles, as well as any custom roles, see Table 4.1, “Predefined Roles Available in Red Hat Satellite”. Alternatively, select the Administrator check box to assign all available permissions to the selected user.
  7. Click Save.
To view the roles assigned to any user, click the Roles tab; the assigned roles are listed under Selected items. To remove a role, from the Selected items, click a role name and it will be removed.

4.1.4. Configuring Email Notifications

Email notification is a per-user setting, with no email notifications enabled by default. If you want email notifications sent to a group's email address, instead of an individual's email address, create a user account with the group's email address and minimal Satellite permissions, then subscribe the user account to the desired notification types.

Important

Satellite Server does not enable outgoing emails by default, therefore you must review your email configuration. For more information, see Configuring Satellite Server for Outgoing Emails in the Red Hat Satellite Installation Guide.

Procedure 4.4. To Configure Email Notifications:

  1. Navigate to AdministerUsers.
  2. Click the Username of the user you want to edit.
  3. On the User tab, check the Email address field. Ensure that it contains a valid email address. The address will be associated with the user account, and the notifications selected in the following steps will be sent there.
  4. Click the Email Preferences tab and select Mail enabled to enable email notifications.
  5. Select the notifications you want the user to receive.
    • Audit summary is a summary of all activity audited by the Satellite Server. To enable these notifications, select the frequency of emails from the drop-down list that offers Daily, Weekly, or Monthly updates. Enter a query in the associated query field to narrow the audit activity included.
    • Host built is a notification sent when a host is built. To enable these notifications, select Subscribe from the drop-down menu.
    • Host errata advisory is a summary of applicable and installable errata for hosts managed by the user. To enable these notifications, select the frequency of emails from the drop-down list that offers Daily, Weekly, or Monthly updates.
    • OpenSCAP policy summary is a summary of OpenSCAP policy reports and their results. To enable these notifications, select the frequency of emails from the drop-down list that offers Daily, Weekly, or Monthly updates.
    • Promote errata is a notification sent only after a Content View promotion. It contains a summary of errata applicable and installable to hosts registered to the promoted Content View. This allows you to monitor what updates have been applied to which hosts. To enable these notifications, select Subscribe from the drop-down menu.
    • Puppet error state is a notification sent after a host reports an error related to Puppet. To enable these notifications, select Subscribe from the drop-down menu.
    • Puppet summary is a summary of Puppet reports. To enable these notifications, select the frequency of emails from the drop-down list that offers Daily, Weekly, or Monthly updates.
    • Sync errata is a notification sent only after synchronizing a repository. It contains a summary of new errata introduced by the synchronization. To enable these notifications, select Subscribe from the drop-down menu.
  6. Click Submit.
Testing Email Delivery

To test email delivery to the email address associated with a user account, open the Satellite web UI, navigate to AdministerUsers, click on the user name, click the Email Preferences tab and click Test email. A test email message is then sent immediately to the user's email address. If it does not arrive, first verify the user's email address, then the Satellite Server's email configuration, after which you may need to examine firewall and mail server logs.

Testing Email Notifications

To verify that your subscription to selected email notifications is valid, you can have all periodic notifications sent to you on request. Note that it will trigger all notifications scheduled for the specified frequency, and affect all users who have subscribed to it. Sending on request notifications to individual users is currently not supported.

To trigger the notifications, execute the following command on the Satellite Server:
# foreman-rake reports:frequency
Where frequency stands for a specific time period:
  • daily
  • weekly
  • monthly

4.1.5. Removing a User

The following procedure describes how to remove an existing user.

Procedure 4.5. To Remove a User:

  1. On the main menu, click AdministerUsers to open the Users page.
  2. Click the Delete link to the right of the user name you want to delete.
  3. In the alert box, click OK to delete the user.