API User Role Suggestions

Sean_Alderman · June 12, 2014, 4:30pm

Are there any API users who could suggest some least privilege role
definitions for access to Foreman's API from remote systems?

I'm not entirely clear on how UI permissions relate to API permissions, if
at all. I would like to build two API user roles, one which can read
almost any information that the API provides and another which could modify
parameters at host/hostgroup levels, and perhaps more.

One use case is use the API to manage Nagios Contacts, ContactGroups, and
HostGroups in a way that mirrors Foreman's information on host owner, the
owner's User Group, and host's Hostgroup(s). The groups are not well
suited to be developed out of stored_configs in Puppet, since exporting a
contact group resource on each host based on it's owner's group or host
group will lead to duplicate resource issues.

Thanks.

Gwmngilfen · June 17, 2014, 10:23am

They should map pretty much directly - create your users and play with
the permissions until you can do the things you want (and only what
you want) in the UI, and that should be the same in the API too.

Greg

···

On 12 June 2014 17:30, Sean Alderman wrote: > Are there any API users who could suggest some least privilege role > definitions for access to Foreman's API from remote systems? > > I'm not entirely clear on how UI permissions relate to API permissions, if > at all. I would like to build two API user roles, one which can read almost > any information that the API provides and another which could modify > parameters at host/hostgroup levels, and perhaps more.