Unable to upload a package to Custom Product using Hammer CLI as a non-admin user on Red Hat Satellite 6.
Environment
- Red Hat Satellite 6.x
Issue
- Unable to upload a package to Custom Product using Hammer CLI as a non-admin user.
Resolution
- The required permissions, as mentioned below, are needed to update any Product or repositories and hence should be associated with the User to perform the task:
  - view_products
  - create_products
  - edit_products
  - destroy_products
  - sync_products
  - export_products
- To add the permission on the Red Hat Satellite WebUI:
  - Add the Filter in a Role:
    - Click on Administer -> Select Roles -> Click on New Role -> Enter Name -> Submit -> Click on the drop-down arrow for the Role -> Add Filter -> Select the Resource Type as Products and Repositories -> Add the Permission - edit_products -> Submit.
  - Assign the Role to the User:
    - Click on Administer -> Users -> Select the User -> Roles -> Search and click on the particular Role -> Submit.
- To add the permission using Hammer CLI:
  - Add the Filter to a Role:
    # hammer filter create --role ROLE_NAME --permission-ids PERM_ID1,PERM_ID2...
    # hammer filter available-permissions    # Find the permissions to be added to the role
  - Assign the Role to the User:
    # hammer user add-role --id USER_ID --role ROLE_NAME
  - For details on roles and permissions see the output of the below commands:
    # hammer role --help
    # hammer filter --help
Root Cause
- A User needs to have the Role with the appropriate Filters assigned to be authorized to perform any tasks.
Diagnostic Steps
- Run the hammer command with the debug option and check for the below snippet of the error:
# hammer -d repository upload-content --path '/root/package.rpm' --organization-label org --id 111 --product-id 123
...
"error" => {
"message" => "Access denied",
"details" => "Missing one of the required permissions: edit_products"
...
}
- Confirm the filter in the role of the user:
# hammer user list
# hammer user info --id <USER_ID>    # Note the name of the Role
# hammer role filters --name <ROLE_NAME>
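The two diagnostic steps above can be combined into one check. The script below is an added example, not part of the original solution: it extracts the denied permission from the debug output and tests whether the role's filter listing grants it. The function names (`missing_perms`, `role_grants`, `diagnose`), the role name `uploader`, the CSV column layout assumed for `hammer --csv role filters`, and the comma-separated form of a multi-permission error are all assumptions.

```shell
#!/bin/sh
# Constructed sample inputs (not captured from a real Satellite).
DEBUG_OUT='"error" => {
    "message" => "Access denied",
    "details" => "Missing one of the required permissions: edit_products"
}'
# Assumed shape of `hammer --csv role filters --name ROLE_NAME` output;
# the column layout and the role name are assumptions for illustration.
ROLE_FILTERS='Id,Resource type,Search,Role,Permissions
101,Katello::Product,none,uploader,"view_products, sync_products"'

# Print each permission named in an "Access denied" details line, one per line.
missing_perms() {
    printf '%s\n' "$1" |
        sed -n 's/.*Missing one of the required permissions: \([A-Za-z0-9_, ]*\).*/\1/p' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//; /^$/d' | sort -u
}

# Succeed if the filter listing ($1) grants permission $2.
# Whole-word match, so edit_products does not match a longer name; header skipped.
role_grants() {
    printf '%s\n' "$1" | sed 1d | grep -qw -- "$2"
}

# For every denied permission, report whether the role already grants it.
# Returns 1 if at least one denied permission is absent from the role.
diagnose() {
    perms=$(missing_perms "$1")
    [ -n "$perms" ] || { echo "no permission error found"; return 0; }
    rc=0
    for p in $perms; do
        if role_grants "$2" "$p"; then
            echo "$p: granted by role; the denial has another cause"
        else
            echo "$p: NOT granted by role; add it with a filter"
            rc=1
        fi
    done
    return $rc
}

diagnose "$DEBUG_OUT" "$ROLE_FILTERS" || true
```

On a live system, pass the saved output of the `hammer -d repository upload-content ...` command and of `hammer --csv role filters --name <ROLE_NAME>` in place of the two sample variables.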
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
