[colug-432] RHEL Satellite v5 api user privileges

Scott McCarty scott.mccarty at gmail.com
Thu Sep 3 13:36:34 EDT 2015

You are not missing anything. I have seen this before with other automation I have done. Pretty much anything useful needs a power user. The API is old and just not that soohisticated from an RBAC perspective (Sat6 is much more sophisticated).
Long story short, I have historically kept scripts as root only, directly on the Satellite box..
Best RegardsScott M
Sent from my Verizon Wireless 4G LTE smartphone
Scott McCarty, RHCA
Email: scott.mccarty at gmail.comTwitter: @fatherlinux
Cell: 330-807-1043
Web: http://crunchtools.com-------- Original message --------From: Rick Hornsby <richardjhornsby at gmail.com> Date: 9/3/2015  9:22 AM  (GMT-08:00) To: Central OH Linux User Group - 432xx <colug-432 at colug.net> Subject: [colug-432] RHEL Satellite v5 api user privileges 

Have a very simple script which hits our Satellite (version 5 - Satellite v5 not RHEL 5) server API to check if a host is registered (by hostname) or not.  There are three possible outcomes: the hostname is registered, the hostname is not registered, or (most important to us) the hostname has been registered more than once.

The trouble I'm running into is that the API user account I created seems to need way more privileges than what ought to be necessary.  The user seems to have to be at least an 'Organization Administrator' - which basically gives the account full read/write access to everything in Satellite.  If the privileges are anything less, the result set from the XMLRPC call to system.getId always returns an empty array.

Looking at the Satellite manual isn't much help - other than to imply user privileges are only allowed to be selected from a small set of pre-defined RH-supplied options.  The only one with enough access (based on testing) is the Org Admin.

Am I missing something?

colug-432 mailing list
colug-432 at colug.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20150903/1b22d847/attachment.html 

More information about the colug-432 mailing list