Plugins » Katello

The documentation around ISS says that the downstream satellite's credentials needs edit_organization permissions to download the certificate

Version-Release number of selected component (if applicable):
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/installing_satellite_server_in_a_disconnected_network_environment/index#configuring-server-to-synchronize-content-over-a-network_satellite

How reproducible:
Every time

Why is this OK and is there a workaround for customers that do not want to give downstream owners edit_organization permissions

Steps:
Create a role with

• view_organizations
• view_products
• view_lifecycle_environments
• view_content_views

• Create a user with this role.

• From a 2nd foreman server try to pull content from this server using network sync using the above user.

Expected:
Downstream Sync + Enable should work

Actual:
Unable to download debug certificate without the edit organization permissions

Download debug certs requires edit organization. However we should also allow it if the user can view organization and export_content.