Location Permissions issues

I am having issues dealing with locations/organizations and permissions.

I am currently using foreman 1.13.4.

My test user is not an administrator.
My test user belongs to a single role with "view_locations" as its only
filter.
The role has all locations and organizations associated to it.
When I create a new location, under "Users", I check the "All Users"
checkbox. (All of our locations have this as well.)
My test user cannot see this new location (tested via curl
/api/v2/locations).

It seems the only way I can get this user to view the location is by
manually adding the user to the location within the user administration
page. Is this expected? What is the purpose of the "All Users" checkbox,
then?

Note, this is just a simplified version of my problem - what I'm really
trying to do is to grant users the ability to create discovery rules (but
not restrict them by location), but the lack of visibility into locations
is causing problems.

I think you're hitting [1], the fix is in review [2].

[1] Bug #6150: Users need locations added even if "All users" is ticked - Foreman
[2] https://github.com/theforeman/foreman/pull/4111

Hope this helps

··· -- Marek

On pondělí 24. července 2017 20:18:53 CEST Tim Rosine wrote:

I am having issues dealing with locations/organizations and permissions.

I am currently using foreman 1.13.4.

My test user is not an administrator.
My test user belongs to a single role with “view_locations” as its only
filter.
The role has all locations and organizations associated to it.
When I create a new location, under “Users”, I check the "All Users"
checkbox. (All of our locations have this as well.)
My test user cannot see this new location (tested via curl
/api/v2/locations).

It seems the only way I can get this user to view the location is by
manually adding the user to the location within the user administration
page. Is this expected? What is the purpose of the “All Users” checkbox,
then?

Note, this is just a simplified version of my problem - what I’m really
trying to do is to grant users the ability to create discovery rules (but
not restrict them by location), but the lack of visibility into locations
is causing problems.