<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body><div>You are not missing anything. I have seen this before with other automation I have done. Pretty much anything useful needs a power user. The API is old and just not that soohisticated from an RBAC perspective (Sat6 is much more sophisticated).</div><div><br></div><div>Long story short, I have historically kept scripts as root only, directly on the Satellite box..</div><div><br></div><div>Best Regards</div><div>Scott M</div><div><br></div><div id="composer_signature"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><div style="font-size:85%;color:#575757">Sent from my Verizon Wireless 4G LTE smartphone</div><div style="font-size:85%;color:#575757"><br></div><div style="font-size: 85%;"><div><span style="color: rgb(87, 87, 87);">Scott McCarty, RHCA<br>Email: </span><font color="#3367fd">scott.mccarty@gmail.com</font></div><div><font color="#575757">Twitter: </font><font color="#3367fd">@fatherlinux</font><br></div><div><span style="color: rgb(87, 87, 87);">Cell: </span><font color="#3367fd">330-807-1043</font><br><font color="#575757">Web: </font><a href="http://crunchtools.com" original_font_attr="-1" original_line_height_attr=""><font color="#3367fd">http://crunchtools.com</font></a></div></div></div><div style="font-size:100%;color:#000000"><!-- originalMessage --><div>-------- Original message --------</div><div>From: Rick Hornsby <richardjhornsby@gmail.com> </div><div>Date: 9/3/2015 9:22 AM (GMT-08:00) </div><div>To: Central OH Linux User Group - 432xx <colug-432@colug.net> </div><div>Subject: [colug-432] RHEL Satellite v5 api user privileges </div><div><br></div></div><br>Have a very simple script which hits our Satellite (version 5 - Satellite v5 not RHEL 5) server API to check if a host is registered (by hostname) or not. There are three possible outcomes: the hostname is registered, the hostname is not registered, or (most important to us) the hostname has been registered more than once.<br><br>The trouble I'm running into is that the API user account I created seems to need way more privileges than what ought to be necessary. The user seems to have to be at least an 'Organization Administrator' - which basically gives the account full read/write access to everything in Satellite. If the privileges are anything less, the result set from the XMLRPC call to system.getId always returns an empty array.<br><br>Looking at the Satellite manual isn't much help - other than to imply user privileges are only allowed to be selected from a small set of pre-defined RH-supplied options. The only one with enough access (based on testing) is the Org Admin.<br><br>Am I missing something?<br><br>thanks!<br>_______________________________________________<br>colug-432 mailing list<br>colug-432@colug.net<br>http://lists.colug.net/mailman/listinfo/colug-432<br></body></html>