Actions
Feature #19342
closedAllow non-admin user to assign roles they don't have to another user
Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Users, Roles and Permissions
Target version:
-
Description
It would be nice if there was a separation between Foreman Admin and Org Admins, as in a multi tenancy environment.
Foreman Admin should be able to able to:
Foreman Admin should be able to able to:
- Adding Organizations and Org Admins for it
- Delegating Subscriptions to Orgs
- Admin should only be allowed to create Orgs and Admin user for it, but not manage actual content (hosts, puppet, LC, CV,...)
- Subscription management
- Users
- Adding and deploying hosts
- Create LC, CV,puppet,...
- actually what Foreman Admin does for the whole Foreman today, but only for it's own Organization (esp. no access to other Orgs)
to ensure that the actual Foreman Admin is allowed only to create new Organization and the Org Admin users.
In other words, a total separation between the Foreman Admin and Orgs Admins is desired.
- Create different Orgs as Foreman Admin and create Org Admins for it
- Upload Manifest as Foreman Admin and delegate Subscriptions (also partly) to different Orgs
- Check that Foreman Admin is not able to enter any Org (i.e. can only view that the Org is there and which Admins
are assigned to it, but nothing more) - Login as Org admin and check that all functionality today sat admin has is there (except entering different Orgs)
- Especially check that delegated Subscriptions and associated repositories are available
Actions