Bug #36503
closed
edit_organization permissions needed on upstream satellite
Description
The documentation around ISS says that the downstream satellite's credentials needs edit_organization permissions to download the certificate
Version-Release number of selected component (if applicable):
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/installing_satellite_server_in_a_disconnected_network_environment/index#configuring-server-to-synchronize-content-over-a-network_satellite
How reproducible:
Every time
Why is this OK and is there a workaround for customers that do not want to give downstream owners edit_organization permissions
Steps:Create a role with
- view_organizations
- view_products
- view_lifecycle_environments
- view_content_views
- Create a user with this role.
- From a 2nd foreman server try to pull content from this server using network sync using the above user.
Expected:
Downstream Sync + Enable should work
Actual:
Unable to download debug certificate without the edit organization permissions
Download debug certs requires edit organization. However we should also allow it if the user can view organization and export_content.
Updated by The Foreman Bot over 1 year ago
- Status changed from New to Ready For Testing
- Assignee set to Partha Aji
- Pull request https://github.com/Katello/katello/pull/10601 added
Updated by Partha Aji over 1 year ago
- Target version set to Katello 4.9.0
- Triaged changed from No to Yes
Updated by The Foreman Bot over 1 year ago
- Fixed in Releases Katello 4.10.0 added
Updated by Partha Aji over 1 year ago
- Status changed from Ready For Testing to Closed
Applied in changeset katello|fe0481cd6c9ddcdf9f923675560a3c0d6ef207e8.
Updated by The Foreman Bot over 1 year ago
- Pull request https://github.com/Katello/katello/pull/10623 added