[Pulp-list] Minimum permissions to register a consumer
Willem Bos
bos.h.willem at gmail.com
Fri Dec 9 16:22:35 UTC 2011
Hi James,
The following worked for me. The READ operation is used during the
registration of a client.
pulp-admin role create --role registration-users
pulp-admin permission grant --role registration-users \
--resource /consumers/ --operation CREATE --operation READ
pulp-admin user create --username consumer-registrar \
--password=register --name "Used for consumer registrations"
pulp-admin role add --role registration-users --user consumer-registrar
Regards,
Willem
On Fri, Dec 9, 2011 at 5:18 PM, James Hogarth <james.hogarth at gmail.com> wrote:
>
> Hi,
>
> Trying to lock down the minimum permissions to register a consumer
> given that pulp-consumer -u <username> -p <password> register --id
> `uname -n` would be needed in the kickstart and that would be plainly
> visible....
>
> It appears that /consumers/ CREATE is sufficient... but I'm not sure
> exactly how the user for the system gets created with that little
> permissions for the registration user....
>
> Is that purely backend? Is there anything I'm missing or not seeing by
> allowing /consumers/ CREATE to a kickstart registration user?
>
> Thanks,
>
> James
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
More information about the Pulp-list
mailing list