Roles and permissions¶
A user's access to the features of Foreman are constrained by the roles and permissions that they are granted. The permissions are also used to restrict the set of hosts and domains that a user is able to access and modify.
Note: a user with global admin enabled is not restricted by the authorization system. This is the default for installations that do not have :login: enabled.
A normal user will be granted one or more roles within the system and the permissions associated with these roles are aggregated and determine the final permission set.
Roles may be administered only by a user with global admin privileges.
These may be created, deleted and edited on the '''Roles'' page. Each role can be associates with one or more base privileges