Hi,
I'm trying to configure a non-admin user which will only be allowed to
provision discovered hosts.
When I try and configure the network adapters (specifically choosing a
domain from the list) on a newly discovered host as this user, I get the
below error in the production.log.
Started POST "/hosts/domain_selected" for 192.168.1.5 at 2015-08-04
12:35:46 +0100
2015-08-04 12:35:46 [I] Processing by HostsController#domain_
selected as JSON
2015-08-04 12:35:46 [I] Parameters: {"domain_id"=>"10",
"interface"=>"true"}
2015-08-04 12:35:46 [I] Rendered common/403.html.erb (2.1ms)
2015-08-04 12:35:46 [I] Filter chain halted as :authorize rendered or
redirected
2015-08-04 12:35:46 [I] Completed 403 Forbidden in 33ms (Views: 3.7ms |
ActiveRecord: 6.9ms)
The spinner icon next to the domain just turns forever and doesn't let me
pick a subnet.
If I pick a subnet first, I get the following error in the IP address box:
Error generating IP: Forbidden
I am also unable to pick an OS from the list. On selecting the
architecture, the production log shows the following and the OS boxes are
greyed out:
Started POST "/architecture_selected_discovered_hosts" for 192.168.1.5 at
2015-08-04 12:44:58 +0100
2015-08-04 12:44:58 [I] Processing by HostsController#architecture_selected
as /
2015-08-04 12:44:58 [I] Parameters: {"architecture_id"=>"1"}
2015-08-04 12:44:58 [I] Rendered common/403.html.erb (0.6ms)
2015-08-04 12:44:58 [I] Filter chain halted as :authorize rendered or
redirected
2015-08-04 12:44:58 [I] Completed 403 Forbidden in 18ms (Views: 1.2ms |
ActiveRecord: 4.3ms)
I've set the following permissions in the role for this user (sorry for the
poor formatting):
Resource Permissions Unlimited Search
Host/managed view_discovered_hosts, provision_discovered_hosts,
edit_discovered_hosts, destroy_discovered_hosts, view_hosts Toggle_check
none
(Miscellaneous) access_dashboard, view_statistics Toggle_check none
Domain view_domains Toggle_check none
Subnet view_subnets Toggle_check none
Operatingsystem view_operatingsystems Toggle_check none
Architecture view_architectures Toggle_check none
I'm trying to give this user as little permissions as possible, but I can't
figure out what permissions I'm missing to allow this config to continue.
Any help is appreciated.
Thanks
J
Hello,
it should be sufficient to grant :create_hosts or :edit_hosts permission to
allow domain_selected action. The action itself then loads subnets for which
user has :view_subnets permission, so make sure he has proper filters for
subnets too.
···
--
Marek
On Tuesday 04 of August 2015 04:47:41 jamese wrote:
Hi,
I’m trying to configure a non-admin user which will only be allowed to
provision discovered hosts.
When I try and configure the network adapters (specifically choosing a
domain from the list) on a newly discovered host as this user, I get the
below error in the production.log.
Started POST “/hosts/domain_selected” for 192.168.1.5 at 2015-08-04
12:35:46 +0100
2015-08-04 12:35:46 [I] Processing by HostsController#domain_
selected as JSON
2015-08-04 12:35:46 [I] Parameters: {“domain_id”=>“10”,
“interface”=>“true”}
2015-08-04 12:35:46 [I] Rendered common/403.html.erb (2.1ms)
2015-08-04 12:35:46 [I] Filter chain halted as :authorize rendered or
redirected
2015-08-04 12:35:46 [I] Completed 403 Forbidden in 33ms (Views: 3.7ms |
ActiveRecord: 6.9ms)
The spinner icon next to the domain just turns forever and doesn’t let me
pick a subnet.
If I pick a subnet first, I get the following error in the IP address box:
Error generating IP: Forbidden
I am also unable to pick an OS from the list. On selecting the
architecture, the production log shows the following and the OS boxes are
greyed out:
Started POST “/architecture_selected_discovered_hosts” for 192.168.1.5 at
2015-08-04 12:44:58 +0100
2015-08-04 12:44:58 [I] Processing by HostsController#architecture_selected
as /
2015-08-04 12:44:58 [I] Parameters: {“architecture_id”=>“1”}
2015-08-04 12:44:58 [I] Rendered common/403.html.erb (0.6ms)
2015-08-04 12:44:58 [I] Filter chain halted as :authorize rendered or
redirected
2015-08-04 12:44:58 [I] Completed 403 Forbidden in 18ms (Views: 1.2ms |
ActiveRecord: 4.3ms)
I’ve set the following permissions in the role for this user (sorry for the
poor formatting):
Resource Permissions Unlimited Search
Host/managed view_discovered_hosts, provision_discovered_hosts,
edit_discovered_hosts, destroy_discovered_hosts, view_hosts Toggle_check
none
(Miscellaneous) access_dashboard, view_statistics Toggle_check none
Domain view_domains Toggle_check none
Subnet view_subnets Toggle_check none
Operatingsystem view_operatingsystems Toggle_check none
Architecture view_architectures Toggle_check none
I’m trying to give this user as little permissions as possible, but I can’t
figure out what permissions I’m missing to allow this config to continue.
Any help is appreciated.
Thanks
J
–
Marek
Hi Marek,
Thanks for the advice, that's working beautifully.
J
