Filter Users per Environment

Hi Users,

I plan to authenticate my users using AD/LDAP. However, I do not want to
grant all users on Foreman admin privileges.

What is the best way to "filter" user privileges based on environment??

For example, I want user Ana to be granted admin privileges for all hosts on dev,
test and prod environments.
User Bob should have only admin privileges for all hosts on dev environment.

Is it possible to do this with Foreman??

Thanks!
Cesar

Depends what you mean by 'admin' :)

An admin in Foreman has no restrictions whatsoever - they can see
everything, do everything. So strictly speaking, the answer to your
question is "no".

However, if you redefine your meaning slightly, and create a role with all
the permissions in (I think there is a 'Manager' role created by default
like this), then you have a normal user, which can have filters applied as
normal.

Hope that helps,
Greg

On 23 May 2013 14:34, MrTeleBird wrote:

> Hi Users,
>
> I plan to authenticate my users using AD/LDAP. However, I do not want to
> grant all users on Foreman admin privileges.
>
> What is the best way to “filter” user privileges based on environment??
>
> For example, I want user Ana to be granted admin privileges for all hosts on
> dev, test and prod environments.
> User Bob should have only admin privileges for all hosts on dev
> environment.
>
> Is it possible to do this with Foreman??

Hi Greg, thanks for your answer.
Then I assume this is possible. I will define a new FACT "environment" in
Puppet and then expose it to foreman to be used as filter for which hosts a
user can see/edit etc and which not.
Cheers,
Cesar

That should work, but it would be far simpler to enable the Locations
feature in Foreman 1.1 or higher and then restrict which Locations each
user can see :)

Greg

On 24 May 2013 07:46, MrTeleBird wrote:

> Hi Greg, thanks for your answer.
> Then I assume this is possible. I will define a new FACT “environment” in
> Puppet and then expose it to foreman to be used as filter for which hosts a
> user can see/edit etc and which not

Hi Greg!
Great!!! Thanks a lot!! This is exactly what I was looking for :)
Cesar
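
The access model discussed in this thread, as an added example that is not part of the original posts and is not Foreman's own code: a small Python model showing why the admin flag cannot be scoped while a full-permission role with a filter can, plus a check that reports users whose effective access exceeds what was intended. All class, function and field names are hypothetical, and the hosts and users are constructed sample data.

```python
from dataclasses import dataclass

# Hypothetical permission names for this model; not Foreman's real schema.
ALL_PERMISSIONS = frozenset({"view_hosts", "edit_hosts", "destroy_hosts"})

@dataclass(frozen=True)
class Host:
    name: str
    environment: str

@dataclass(frozen=True)
class User:
    login: str
    admin: bool = False                     # global flag: bypasses every check
    permissions: frozenset = frozenset()    # granted through a role
    environments: frozenset = frozenset()   # host filter; empty matches no host

def can(user, permission, host):
    """Decision as described in the thread: admin is unrestricted,
    everyone else needs the permission and a matching filter."""
    if user.admin:
        return True
    return permission in user.permissions and host.environment in user.environments

def effective_environments(user, hosts, permission="edit_hosts"):
    """Environments in which the user can actually exercise the permission."""
    return {h.environment for h in hosts if can(user, permission, h)}

def scope_violations(users, hosts, intended):
    """Map login -> environments reachable beyond the intended scope."""
    findings = {}
    for user in users:
        extra = effective_environments(user, hosts) - intended[user.login]
        if extra:
            findings[user.login] = sorted(extra)
    return findings

# Constructed sample data matching the Ana/Bob scenario from the question.
HOSTS = [Host("web01", "dev"), Host("web02", "test"), Host("web03", "prod")]
INTENDED = {"ana": {"dev", "test", "prod"}, "bob": {"dev"}}
ANA = User("ana", permissions=ALL_PERMISSIONS,
           environments=frozenset({"dev", "test", "prod"}))
BOB_SCOPED = User("bob", permissions=ALL_PERMISSIONS,
                  environments=frozenset({"dev"}))
BOB_ADMIN = User("bob", admin=True)         # the setup the question wants to avoid

if __name__ == "__main__":
    print(scope_violations([ANA, BOB_SCOPED], HOSTS, INTENDED))
    print(scope_violations([ANA, BOB_ADMIN], HOSTS, INTENDED))
```
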