Bug #21353

Unable to change the default Satellite username "admin-username"

Added by Marek Hulán over 4 years ago. Updated almost 2 years ago.

Users, Roles and Permissions
Target version:
Bugzilla link:
Fixed in Releases:
Found in Releases:


Cloned from

Description of problem:

-After initial setup I attempted to change the default user
name and password from "admin-username" and "admin-password"
-From the GUI I can change the username and password but as soon as I hit submit the username returns to "admin-username"

Version-Release number of selected component (if applicable):
Satellite 6.2.11

How reproducible:
Easily Reproducible

Steps to Reproduce:
1. After new install of RedHat Satellite 6.2.11 using the installer with --foreman-admin-username gk-admin attempt to change username
2. Hit Submit when username and password changed
3. The username returns to the old "admin-username"

Actual results:

Expected results:
Expected the username to update to the new name.
Logging out and logging back in does not matter.

Additional info:

The problem is that installer allows user to modify the default admin username while in UI it's not properly detected as default admin and the username field is not disabled. The reason is we hardcode 'admin' login in app/views/users/_form.html.erb

<%= text_f f, :login, :disabled => f.object.login == 'admin' %>

Related issues

Related to Foreman - Bug #21849: Login field disabled with "External user login can not be changed"Closed

Associated revisions

Revision 02d1635c (diff)
Added by Shira Maximov over 4 years ago

Fixes #21353 - users can edit login if they have permissions


#1 Updated by Marek Hulán over 4 years ago

  • Difficulty set to easy
  • Category set to 218
  • Subject changed from Unable to change the default Satellite username "admin-username" to Unable to change the default Satellite username "admin-username"

There's more in this issue. The reason why it does not work is that strong params drops login parameter if user is editing himself/herself, see

The second part is that we disable the login field for users with login == 'admin', see that does not make sense since we can have more than one admin.

Changing the login should be supported including user themselves in case the auth source is INTERNAL. For external auth sources this would be dangerous. After discussion with Evgeni and Ewoud, we came to conclusion that updating login and other sensitive fields (auth source) should be only allowed to user with edit_users permission, while self editing of other attributes (e.g. email) should be allowed to everyone.

So the properly fix this issue, following is required:
1) keep fields disabled only while self editing and current user does not have edit_users permission, the disabled field should have a hover tooltip explaining why the field is disabled
2) update strong params to follow the same logic, accepting login and auth source fields only for users with edit_users permission

#2 Updated by The Foreman Bot over 4 years ago

  • Status changed from New to Ready For Testing
  • Pull request added

#3 Updated by Shira Maximov over 4 years ago

  • Assignee set to Shira Maximov

#4 Updated by Daniel Lobato Garcia over 4 years ago

  • Legacy Backlogs Release (now unused) set to 296

#5 Updated by Shira Maximov over 4 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

#6 Updated by Ivan Necas over 4 years ago

  • Related to Bug #21849: Login field disabled with "External user login can not be changed" added

#7 Updated by Tomer Brisker almost 2 years ago

  • Category changed from 218 to Users, Roles and Permissions

Also available in: Atom PDF