Chapter 7. Managing Users and Permissions
For the administrator, Red Hat Satellite provides the ability to create, modify, and remove users. Also, it is possible to configure access permissions through assigning roles to users. This section shows how to perform these tasks using
hammer. For web UI equivalents of the following procedures see Managing Users and Roles in Administering Red Hat Satellite.
7.1. Creating Users
User in Red Hat Satellite defines a set of details for individuals using the system. To configure a user in Red Hat Satellite,
hammer provides the
user create and
user update commands. Create a new user with the following command:
$ hammer user create \ --login user_name \ --password user_password \ --mail user_mail \ --auth-source-id 1 \ --organization-ids org_ID1,org_ID2...
--auth-source-id 1 setting means that the user is authenticated internally, you can specify an external authentication source as an alternative. Add the
--admin option to grant administrator privileges to the user. Specifying organization IDs is not required, you can modify the user details later using the
For more information on user related subcommands see the output of
hammer user --help.
7.2. Creating User Groups
You can manage permissions of several users at once by organizing them into user groups. User groups themselves can be further grouped to create a hierarchy of permissions. Use the following command to create a new user group:
$ hammer user-group create --name usergroup_name
To add a user to a user group, issue the following command:
$ hammer user-group add-user --user user_name --id usergroup_id
Find the user group ID by executing
hammer user-group list. Similarly, you can add user groups using the
add-user-group subcommand. For more information on operations related to user groups see the output of
hammer user-group --help.
7.3. Creating Roles
Roles in Red Hat Satellite define a set of permissions and access levels. Satellite provides a number of predefined roles, to view them, enter the following command:
$ hammer role list
To view permissions associated with a role, issue the following command:
$ hammer role filters --id role_id
Here, role_id is the ID of the role from the output of
hammer role list.
To create a custom role, issue the following command:
$ hammer role create --name role_name
Add a permission filter to the role with the following command:
$ hammer filter create \ --role role_name \ --permission-ids perm_ID1,perm_ID2...
Find the permissions to be added to the role by using
hammer filter available-permissions. For details on roles and permissions see the output of
hammer role --help and
hammer filter --help.
Example 7.1. Granular Permission Filtering
Red Hat Satellite provides the ability to limit the configured user permissions to selected instances of a resource type. Use the
--search option to limit permission filters, for example:
$ hammer filter create \ --permission-ids 91 \ --search "name ~ ccv*" \ --role qa-user
The above command adds to the qa-user role a permission to view, create, edit, and destroy Content Views that only applies to Content Views with name starting with
ccv. See Granular Permission Filtering in Administering Red Hat Satellite for more information.
7.4. Assigning Roles to Users
To assign a role to a user, issue the following command:
$ hammer user add-role --id user_id --role role_name
Similarly, you can assign a role to a user group:
$ hammer user-group add-role --id usergroup_id --role role_name
7.5. Adding SSH Keys to a User
The following steps show how to add public SSH keys to an existing user using the
hammer. To create SSH keys or for more information, see Generating Key Pairs in the Red Hat Enterprise Linux 7 System Administrator’s Guide.
For web UI equivalents of the following procedures see Adding SSH keys to a User in Administering Red Hat Satellite.
You need either the path to the public SSH key file, or the content of the public SSH key copied to the clipboard.
If you have the public SSH key file:
$ hammer user ssh-keys add --user-id user_id --name key_name --key-file ~/.ssh/id_rsa.pub
If you have the content of the public SSH key:
$ hammer user ssh-keys add --user-id user_id --name key_name --key ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNtYAAABBBHHS2KmNyIYa27Qaa7EHp+2l99ucGStx4P77e03ZvE3yVRJEFikpoP3MJtYYfIe8k 1/46MTIZo9CPTX4CYUHeN8= host@user
7.6. Deleting SSH Keys from a User
To delete an SSH key from a user:
$ hammer user ssh-keys delete --id key_id --user-id user_id
7.7. Viewing SSH Keys of a User
To view an SSH key attached to a user:
$ hammer user ssh-keys info --id key_id --user-id user_id
To list SSH keys attached to a user:
$ hammer user ssh-keys list --user-id user_id