What is the minimum permission required for a Red Hat Satellite user account used by an AAP Inventory Source?

Solution Verified

Environment

  • Red Hat Satellite 6.6 and later

Issue

  • Satellite is connected to Ansible Automation Platform (AAP) as an inventory source for AAP callbacks. The 'INTERNAL' account created in Satellite for this connection has administrator privileges by default, and the requirement is to reduce it to only the minimum privileges needed for this functionality to work.

Or

  • Ansible Tower needs to be configured with a minimal-permission account that authenticates to Satellite in order to pull a list of hosts, host groups, and host facts.

Resolution

  • The Ansible Tower Inventory Reader role is included with Satellite and does not need to be created manually. It has the following filters:

    Resource Type: Host,  Permission: view_hosts
    Resource Type: Host Group, Permission: view_hostgroups
    Resource Type: Fact value, Permission: view_facts
    
  • Add a new Satellite user account by going to the Administer menu, selecting Users, and clicking Create User.
    Finally, go to the Roles tab and configure the account to use the included Ansible Tower Inventory Reader role,
    then click Submit to create the account.

  • Ensure that all user details, including email ID, name, and other required information, are properly filled in.

  • For additional information, refer to Satellite and Ansible Tower integration.
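
A check that could be run after the change to confirm the account holds only the three permissions listed above (an added example, not Red Hat's code). The dictionary layout, the `aap-inventory` login, and the `extra` role are constructed for illustration and are not the Satellite API's response format.

```python
# Added example: audit a Satellite account against the three permissions
# the page lists for the Ansible Tower Inventory Reader role.
# The input layout is constructed for illustration, not an API response format.

REQUIRED = {
    "Host": {"view_hosts"},
    "Host Group": {"view_hostgroups"},
    "Fact value": {"view_facts"},
}


def audit_account(user):
    """Return a list of findings; an empty list means least privilege holds."""
    findings = []
    # The page's starting point: the account is an administrator by default.
    if user.get("admin"):
        findings.append("account has administrator privileges")

    # Flatten every (resource type, permission) pair granted through any role.
    granted = set()
    for role in user.get("roles", []):
        for flt in role.get("filters", []):
            for perm in flt.get("permissions", []):
                granted.add((flt.get("resource_type", ""), perm))

    allowed = {(rt, p) for rt, perms in REQUIRED.items() for p in perms}
    for rt, perm in sorted(granted - allowed):
        findings.append(f"excess permission: {rt} / {perm}")
    for rt, perm in sorted(allowed - granted):
        findings.append(f"missing permission: {rt} / {perm}")
    return findings


# Constructed sample accounts.
READER_ROLE = {
    "name": "Ansible Tower Inventory Reader",
    "filters": [
        {"resource_type": "Host", "permissions": ["view_hosts"]},
        {"resource_type": "Host Group", "permissions": ["view_hostgroups"]},
        {"resource_type": "Fact value", "permissions": ["view_facts"]},
    ],
}
minimal = {"login": "aap-inventory", "admin": False, "roles": [READER_ROLE]}
overbroad = {"login": "INTERNAL", "admin": True, "roles": [READER_ROLE, {
    "name": "extra", "filters": [
        {"resource_type": "Host", "permissions": ["edit_hosts"]}]}]}

if __name__ == "__main__":
    for acct in (minimal, overbroad):
        print(acct["login"], audit_account(acct) or "OK")
```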

Root Cause

  • A user with the Ansible Tower Inventory Reader role needs to be created.
