Permissions for sync from an upstream Katello server

groyc · April 29, 2022, 12:39pm

Hello,

Problem:
On the Katello, in the “CDN Configuration” tab, it is requested to fill in the credentials.

Are there specific permissions without being admin to be able to synchronize from an upstream Katello?
I can’t find the inter-sync server related documentation regarding these permissions.

Expected outcome:
Use an account without administrator rights for synchronization.

Foreman and Proxy versions:
katello-4.3.1-1.el8.noarch
foreman-3.1.2-2.el8.noarch

Foreman and Proxy plugin versions:
katello-4.3.1-1.el8.noarch
foreman-3.1.2-2.el8.noarch

Distribution and version:
Red Hat Enterprise Linux release 8.5 (Ootpa)

sajha · April 29, 2022, 7:47pm

You should have a user with viewing permissions for lifecycle environments, content views, products and repositories. The user should also belong to the organization that the environment belongs to.
Those should be sufficient permissions to sync from the server.

Partha_Aji · April 29, 2022, 8:48pm

I just checked. You should be able to connect and sync with the following user permissions

View Organization
Edit Organization (to download the debug certificate)
View Content Views
View Lifecycle Environments
View Products.

Will check with @Lennonka to document this

groyc · May 3, 2022, 2:35pm

Hi @Partha_Aji and @sajha

Thanks, I confirm it works.
I think it’s useful to indicate in the documentation because it’s a good security practice