Role needed for Openscap management in Satellite 6


Can anyone help me figure out what role I need to ask for if I want to be able to manage openscap content on a registered Satellite 6.7. Content, policies, tailoring files as well as running openscap scans and view reports.

The role Compliance manager was added to my user but I still can’t assign an OpenScap Capsule to a host or upload new content (datastreams). Should that be enough or is that something else? I can run a scan on an already correctly configured system so much is already working. I’m using ansible, not puppet to add foreman_scap_client to hosts.



can you tell which action (from logs) is giving you error and I can look it up in the codebase what permissions might be missing.



Thanks for helping out. I’m now back at work and since it’s a big installation the log files are pretty active. At least /var/log/foreman/production.log. Do you have any hints what to look for and in what log files? The only suspicious logs in production.log complained about something with qrouterd. Could that be relevant?

I also got a felling it could be permission related to file system or something. When I click Hosts->Policies->New Compliance Policy, activate radio button “Ansible” and click “Next” all is frozen for like 10 seconds and then the “New Compliance Policy” page is reloaded.

Do you know where in the file system the new policy files are located and under which user they are created?


Now I’ve worked it out with the Satellite admin. It wasn’t a role issue. You have to choose a Location before you could work with new policies. Don’t know if it is by design or a config mistake. On my Foreman server (2.2.1) at home it works with “Any Location”. But I only have one location…

Thank you.