Problem:
User has the Organisation Admin role and cannot create a new Operating System.
Attempting to create a new Operating System results in the following error:
**Unable to save**
· You don't have permission create_operatingsystems with attributes that you have specified or you don't have access to specified locations or organisations
Expected outcome:
Organisation Admins can create Operating Systems within the context of their Organisation.
Foreman and Proxy versions:
Foreman 1.16.0
Foreman-Proxy 1.16.0
Katello 3.5.2
Foreman and Proxy plugin versions:
bastion Bastion 6.1.5
foreman-tasks 0.10.9
foreman_azure 1.3.1
foreman_default_hostgroup 4.0.1
foreman_discovery 10.0.0
foreman_docker 3.2.1
foreman_hooks 0.3.14
foreman_memcache 0.0.6
foreman_remote_execution 1.3.3
foreman_setup 5.0.0
foreman_templates 5.0.1
katello 3.5.2
puppetdb_foreman 3.0.2
Other relevant data:
User is a member of a group assigned an Organization Admin role.
The Organisation Admin role is cloned from the default Organization Admin role and associated with specific Locations and a specific Organization.
The user is associated with the same specific Locations and Organization as the cloned Role.
User and Role info
```
# hammer user info --login my.user
Id: 8le
Login: my.user
Name: My User
Email: my.user@site.au
Admin: no
Last login: 2018/11/02 01:50:22
Authorized by: OUR-LDAP
Effective admin: no
Locale: en
Timezone: Perth
Description:
Default organization:
Default location:
Roles:
    Default role
User groups:
 1) Usergroup: Right-Adm-Foreman.ENS.Linux.Org.Admins
    Roles:
        ens_linux-org-admin
Inherited User groups:
Locations:
    central_office
    dr
Organizations:
    Enterprise Servers Linux
Created at: 2018/11/02 01:45:14
Updated at: 2018/11/02 01:45:40
```
```
# hammer role info --id 19
Id: 19
Name: ens_linux-org-admin
Builtin: no
Description:
Locations:
    central_office
    dr
Organizations:
    Enterprise Servers Linux
```
```
# hammer role filters --id 19
----|------------------------------|--------|------------|-----------|---------------------|---------------------------------------------------------------------------------
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
----|------------------------------|--------|------------|-----------|---------------------|---------------------------------------------------------------------------------
240 | Architecture | none | yes | no | ens_linux-org-admin | view_architectures, create_architectures, edit_architectures, destroy_archite...
241 | Audit | none | yes | no | ens_linux-org-admin | view_audit_logs
242 | AuthSourceLdap | none | no | no | ens_linux-org-admin | view_authenticators, create_authenticators, edit_authenticators, destroy_auth...
243 | Bookmark | none | yes | no | ens_linux-org-admin | view_bookmarks, create_bookmarks, edit_bookmarks, destroy_bookmarks
244 | ComputeProfile | none | yes | no | ens_linux-org-admin | view_compute_profiles, create_compute_profiles, edit_compute_profiles, destro...
245 | ComputeResource | none | no | no | ens_linux-org-admin | view_compute_resources, create_compute_resources, edit_compute_resources, des...
246 | ConfigGroup | none | yes | no | ens_linux-org-admin | view_config_groups, create_config_groups, edit_config_groups, destroy_config_...
247 | (Miscellaneous) | none | yes | no | ens_linux-org-admin | access_dashboard, view_plugins, view_statistics, view_tasks, my_organizations
248 | Domain | none | no | no | ens_linux-org-admin | view_domains, create_domains, edit_domains, destroy_domains
249 | Environment | none | no | no | ens_linux-org-admin | view_environments, create_environments, edit_environments, destroy_environmen...
250 | ExternalUsergroup | none | yes | no | ens_linux-org-admin | view_external_usergroups, create_external_usergroups, edit_external_usergroup...
251 | FactValue | none | yes | no | ens_linux-org-admin | view_facts, upload_facts
252 | Filter | none | no | no | ens_linux-org-admin | view_filters, create_filters, edit_filters, destroy_filters
253 | HostClass | none | yes | no | ens_linux-org-admin | edit_classes
254 | Hostgroup | none | no | no | ens_linux-org-admin | view_hostgroups, create_hostgroups, edit_hostgroups, destroy_hostgroups
255 | Host | none | no | no | ens_linux-org-admin | view_hosts, create_hosts, edit_hosts, destroy_hosts, build_hosts, power_hosts...
256 | Image | none | yes | no | ens_linux-org-admin | view_images, create_images, edit_images, destroy_images
257 | KeyPair | none | yes | no | ens_linux-org-admin | view_keypairs, destroy_keypairs
258 | Location | none | yes | no | ens_linux-org-admin | view_locations, create_locations, edit_locations, destroy_locations, assign_l...
259 | PuppetclassLookupKey | none | yes | no | ens_linux-org-admin | view_external_parameters, create_external_parameters, edit_external_parameter...
260 | MailNotification | none | yes | no | ens_linux-org-admin | view_mail_notifications
261 | Medium | none | no | no | ens_linux-org-admin | view_media, create_media, edit_media, destroy_media
262 | Model | none | yes | no | ens_linux-org-admin | view_models, create_models, edit_models, destroy_models
263 | Operatingsystem | none | yes | no | ens_linux-org-admin | view_operatingsystems, create_operatingsystems, edit_operatingsystems, destro...
264 | VariableLookupKey | none | yes | no | ens_linux-org-admin | view_external_variables, create_external_variables, edit_external_variables, ...
265 | Parameter | none | yes | no | ens_linux-org-admin | view_params, create_params, edit_params, destroy_params
266 | Ptable | none | no | no | ens_linux-org-admin | view_ptables, create_ptables, edit_ptables, destroy_ptables, lock_ptables
267 | ProvisioningTemplate | none | no | no | ens_linux-org-admin | view_provisioning_templates, create_provisioning_templates, edit_provisioning...
268 | Puppetclass | none | yes | no | ens_linux-org-admin | view_puppetclasses, create_puppetclasses, edit_puppetclasses, destroy_puppetc...
269 | Realm | none | no | no | ens_linux-org-admin | view_realms, create_realms, edit_realms, destroy_realms
270 | Role | none | yes | no | ens_linux-org-admin | view_roles, create_roles, edit_roles, destroy_roles
271 | SmartProxy | none | no | no | ens_linux-org-admin | view_smart_proxies, create_smart_proxies, edit_smart_proxies, destroy_smart_p...
272 | SshKey | none | yes | no | ens_linux-org-admin | view_ssh_keys, create_ssh_keys, destroy_ssh_keys
273 | Subnet | none | no | no | ens_linux-org-admin | view_subnets, create_subnets, edit_subnets, destroy_subnets, import_subnets
274 | Trend | none | yes | no | ens_linux-org-admin | view_trends, create_trends, edit_trends, destroy_trends, update_trends
275 | Usergroup | none | yes | no | ens_linux-org-admin | view_usergroups, create_usergroups, edit_usergroups, destroy_usergroups
276 | User | none | no | no | ens_linux-org-admin | view_users, create_users, edit_users, destroy_users
277 | ConfigReport | none | yes | no | ens_linux-org-admin | view_config_reports, destroy_config_reports, upload_config_reports
278 | ForemanTasks::Task | none | yes | no | ens_linux-org-admin | view_foreman_tasks, edit_foreman_tasks
279 | Container | none | no | no | ens_linux-org-admin | view_containers, commit_containers, create_containers, destroy_containers
280 | JobTemplate | none | no | no | ens_linux-org-admin | view_job_templates, create_job_templates, edit_job_templates, destroy_job_tem...
281 | Template | none | yes | no | ens_linux-org-admin | import_templates, export_templates
282 | ForemanTasks::RecurringLogic | none | yes | no | ens_linux-org-admin | create_recurring_logics, view_recurring_logics, edit_recurring_logics
283 | DockerRegistry | none | no | no | ens_linux-org-admin | view_registries, create_registries, destroy_registries
284 | DiscoveryRule | none | no | no | ens_linux-org-admin | view_discovery_rules, create_discovery_rules, edit_discovery_rules, execute_d...
285 | RemoteExecutionFeature | none | yes | no | ens_linux-org-admin | edit_remote_execution_features
286 | Docker/ImageSearch | none | yes | no | ens_linux-org-admin | search_repository_image_search
287 | Katello::ActivationKey | none | no | no | ens_linux-org-admin | view_activation_keys, create_activation_keys, edit_activation_keys, destroy_a...
288 | JobInvocation | none | yes | no | ens_linux-org-admin | create_job_invocations, view_job_invocations
289 | Katello::ContentView | none | no | no | ens_linux-org-admin | view_content_views, create_content_views, edit_content_views, destroy_content...
290 | Katello::GpgKey | none | no | no | ens_linux-org-admin | view_gpg_keys, create_gpg_keys, edit_gpg_keys, destroy_gpg_keys
291 | TemplateInvocation | none | yes | no | ens_linux-org-admin | execute_template_invocation, filter_autocompletion_for_template_invocation
292 | Katello::HostCollection | none | no | no | ens_linux-org-admin | view_host_collections, create_host_collections, edit_host_collections, destro...
293 | Katello::KTEnvironment | none | no | no | ens_linux-org-admin | view_lifecycle_environments, create_lifecycle_environments, edit_lifecycle_en...
294 | Katello::Product | none | no | no | ens_linux-org-admin | view_products, create_products, edit_products, destroy_products, sync_product...
295 | Katello::Subscription | none | yes | no | ens_linux-org-admin | view_subscriptions, attach_subscriptions, unattach_subscriptions, import_mani...
296 | Katello::SyncPlan | none | no | no | ens_linux-org-admin | view_sync_plans, create_sync_plans, edit_sync_plans, destroy_sync_plans
----|------------------------------|--------|------------|-----------|---------------------|---------------------------------------------------------------------------------
```
logs