Chapter 7. Managing Users and Permissions

For the administrator, Red Hat Satellite provides the ability to create, modify, and remove users. Also, it is possible to configure access permissions through assigning roles to users. This section shows how to perform these tasks using hammer. For web UI equivalents of the following procedures see Managing Users and Roles in Administering Red Hat Satellite.

7.1. Creating Users

User in Red Hat Satellite defines a set of details for individuals using the system. To configure a user in Red Hat Satellite, hammer provides the user create and user update commands. Create a new user with the following command:

$ hammer user create \
--login user_name \
--password user_password \
--mail user_mail \
--auth-source-id 1 \
--organization-ids org_ID1,org_ID2...

The --auth-source-id 1 setting means that the user is authenticated internally, you can specify an external authentication source as an alternative. Add the --admin option to grant administrator privileges to the user. Specifying organization IDs is not required, you can modify the user details later using the update subcommand.

For more information on user related subcommands see the output of hammer user --help.

7.2. Creating User Groups

You can manage permissions of several users at once by organizing them into user groups. User groups themselves can be further grouped to create a hierarchy of permissions. Use the following command to create a new user group:

$ hammer user-group create --name usergroup_name

To add a user to a user group, issue the following command:

$ hammer user-group add-user --user user_name --id usergroup_id

Find the user group ID by executing hammer user-group list. Similarly, you can add user groups using the add-user-group subcommand. For more information on operations related to user groups see the output of hammer user-group --help.

7.3. Creating Roles

Roles in Red Hat Satellite define a set of permissions and access levels. Satellite provides a number of predefined roles, to view them, enter the following command:

$ hammer role list

To view permissions associated with a role, issue the following command:

$ hammer role filters --id role_id

Here, role_id is the ID of the role from the output of hammer role list.

To create a custom role, issue the following command:

$ hammer role create --name role_name

Add a permission filter to the role with the following command:

$ hammer filter create \
--role role_name \
--permission-ids perm_ID1,perm_ID2...

Find the permissions to be added to the role by using hammer filter available-permissions. For details on roles and permissions see the output of hammer role --help and hammer filter --help.

Example 7.1. Granular Permission Filtering

Red Hat Satellite provides the ability to limit the configured user permissions to selected instances of a resource type. Use the --search option to limit permission filters, for example:

$ hammer filter create \
--permission-ids 91 \
--search "name ~ ccv*" \
--role qa-user

The above command adds to the qa-user role a permission to view, create, edit, and destroy Content Views that only applies to Content Views with name starting with ccv. See Granular Permission Filtering in Administering Red Hat Satellite for more information.

7.4. Assigning Roles to Users

To assign a role to a user, issue the following command:

$ hammer user add-role --id user_id --role role_name

Similarly, you can assign a role to a user group:

$ hammer user-group add-role --id usergroup_id --role role_name

7.5. Adding SSH Keys to a User

The following steps show how to add public SSH keys to an existing user using the hammer. To create SSH keys or for more information, see Generating Key Pairs in the Red Hat Enterprise Linux 7 System Administrator’s Guide.

For web UI equivalents of the following procedures see Adding SSH keys to a User in Administering Red Hat Satellite.

Prerequisite

You need either the path to the public SSH key file, or the content of the public SSH key copied to the clipboard.

If you have the public SSH key file:

$ hammer user ssh-keys add --user-id user_id --name key_name --key-file ~/.ssh/id_rsa.pub

If you have the content of the public SSH key:

$ hammer user ssh-keys add --user-id user_id --name key_name --key ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNtYAAABBBHHS2KmNyIYa27Qaa7EHp+2l99ucGStx4P77e03ZvE3yVRJEFikpoP3MJtYYfIe8k 1/46MTIZo9CPTX4CYUHeN8= host@user

7.6. Deleting SSH Keys from a User

To delete an SSH key from a user:

$ hammer user ssh-keys delete --id key_id --user-id user_id

7.7. Viewing SSH Keys of a User

To view an SSH key attached to a user:

$ hammer user ssh-keys info --id key_id --user-id user_id

To list SSH keys attached to a user:

$ hammer user ssh-keys list --user-id user_id