Version 2/18
Paul Kelly, 11/08/2010 04:15 pm
Roles and permissions. Under construction.
A user's access to the features of Foreman is constrained by the roles and permissions that they are granted. These permissions are also used to restrict the set of hosts and domains that a user is able to access and modify.
Note: a user with global admin enabled is not restricted by the authorization system. This is the default for installations that do not have :login: enabled in config/settings.yml.
A normal user will be granted one or more roles within the system. The permissions associated with these roles are aggregated to determine the user's final permission set.
Roles may be administered only by a user with global admin privileges.
Roles
These may be created, deleted and edited on the Roles page. Each role can be associated with one or more base privileges.
Permissions
| Permission | Description |
|---|---|
| Permissions for Architectures, Authentication providers, environments, External variables, Common parameters, Host groups, Medias, Models, Operating systems, Partition tables, Puppet classes and User groups | |
| view | The user is allowed to see this type of object when listing them on the index page |
| create | The user is allowed to create this type of object |
| edit | The user is allowed to edit this type of object |
| destroy | The user is allowed to destroy this type of object |
| Permissions for Domains | |
| view | The user is allowed to see a list of domains when viewing the index page |
| create | The user is allowed to create a new domain and will also be able to create domain parameters |
| edit | The user is allowed to edit a domain and will also be able to edit a domain's parameters. If they have a domain filtering active in their profile then only these domains will be editable |
| destroy | The user is allowed to destroy a domain and will also be able to destroy domain parameters. If they have a domain filtering active in their profile then only these domains will be deletable |
| Permissions for Hosts | |
| Permissions for Users | |
| view | The user is allowed to see a list of users when viewing the index page. A user will always be able to see their own account even if they do not have this permission |
| create | The user is allowed to create a new user |
| edit | The user is allowed to edit existing users. A user will always be able to edit their own basic account settings and password |
| destroy | The user is allowed to delete users from the system |
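The rules above combine into a single access decision: global admin bypass, aggregation of permissions across roles, the domain filter on edit and destroy, and the always-allowed access to one's own account. The following Ruby sketch is an added example that models those rules; it is not Foreman's own code, and the names `Role`, `User`, `domain_filter` and `allowed?` as well as the sample users are assumptions made for illustration.

```ruby
require "set"

# Hypothetical model of the rules described on this page; not Foreman's code.
# A role's permissions are a Set of [action, resource] pairs.
Role = Struct.new(:name, :permissions)

User = Struct.new(:login, :admin, :roles, :domain_filter) do
  # The final permission set is the union of the permissions of every role held.
  def permissions
    roles.reduce(Set.new) { |acc, role| acc | role.permissions }
  end
end

# Returns true when `user` may perform `action` on `resource`.
# `target` is the domain name or user login acted on (nil for index/create).
def allowed?(user, action, resource, target = nil)
  # A global admin is not restricted by the authorization system.
  return true if user.admin

  # A user can always see and edit their own account (simplified here:
  # the page limits self-edit to basic account settings and password).
  if resource == :users && target == user.login && %i[view edit].include?(action)
    return true
  end

  return false unless user.permissions.include?([action, resource])

  # An active domain filter narrows edit/destroy to the listed domains only.
  if resource == :domains && %i[edit destroy].include?(action) &&
     target && !user.domain_filter.empty?
    return user.domain_filter.include?(target)
  end
  true
end

# Constructed sample data.
VIEWER     = Role.new("Viewer", Set[[:view, :domains], [:view, :users]])
DOMAIN_MGR = Role.new("Domain manager", Set[[:edit, :domains], [:destroy, :domains]])
ALICE = User.new("alice", false, [VIEWER, DOMAIN_MGR], ["lab.example.com"])
BOB   = User.new("bob",   false, [], [])
ROOT  = User.new("admin", true,  [], [])
```

Because roles only ever add permissions in this model, auditing a user means reviewing the union of all roles they hold, not each role in isolation.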
