Hi, all!

By default Foreman comes with Viewer role configured with these misc
filters:

(Miscellaneous)access_dashboard, view_plugins, access_settings,
view_statistics, view_tasks[image: Toggle_check]none
<https://spc01.stratus.lux.ebay.com/filters/43/edit?role_id=5-Viewer>
Edit <https://spc01.stratus.lux.ebay.com/filters/43/edit?role_id=5-Viewer>
After creating a user with that role, I'm not able to see the settings,
which I thought would be available with access_settings filter enabled. Am
I wrong in my expectations?

curl -kSs -u $FOREMAN_USER:$FOREMAN_PASS

https://localhost/api/settings/foreman_url
{
"error": {"message":"Access denied","details":null}
}

I see the following DEBUG messages:

> Started GET "/api/settings/foreman_url" for 127.0.0.1 at 2016-01-11
16:18:15 -0700
2016-01-11 16:18:15 [app] [I] Processing by
Api::V2::SettingsController#show as JSON
2016-01-11 16:18:15 [app] [I] Parameters: {"apiv"=>"v2",
"id"=>"foreman_url"}
2016-01-11 16:18:16 [app] [I] Authorized user $USER($USER)
2016-01-11 16:18:16 [app] [I] Rendered
api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout
(1.7ms)
2016-01-11 16:18:16 [app] [I] Filter chain halted as :authorize rendered or
redirected
2016-01-11 16:18:16 [app] [I] Completed 403 Forbidden in 368ms (Views:
15.1ms | ActiveRecord: 25.1ms)

Thanks!

The permission shouldn't really be available, since settings are
hardcoded to be limited to admins only. It isn't possible to delegate
granular permissions to view or modify them.