In our infrastructure we have a hostgroup which contains stuff that should
be present on each and every node we install. We want this hostgroup to be
available/usable by all the puppet devs.
Then, I have a non-admin user with a role with all the hostgroup privileges
enabled
(view_hostgroups, create_hostgroups, edit_hostgroups, destroy_hostgroups)
and I want this user to be able to create hostgroups with the base group as
parent.
At the moment, when the user attempts to create new hostgroup, he won't see
any but his/her hostgroups in the combobox for the parent hostgroup. so eh
can't use it. In short, I would like everyone to be able to use a "base"
hostgroup as a parent.
Can I make the base hostgroup accessible to non-admin users with foreman
1.0.1 (latest stable AFAIK)?
Or is my idea out of the foreman access control concept?
> Hi,
>
> I have a question raised from following use case:
>
> In our infrastructure we have a hostgroup which contains stuff that should
> be present on each and every node we install. We want this hostgroup to be
> available/usable by all the puppet devs.
>
> Then, I have a non-admin user with a role with all the hostgroup
> privileges enabled
> (view_hostgroups, create_hostgroups, edit_hostgroups, destroy_hostgroups)
> and I want this user to be able to create hostgroups with the base group
> as parent.
>
> At the moment, when the user attempts to create new hostgroup, he won't
> see any but his/her hostgroups in the combobox for the parent hostgroup. so
> eh can't use it. In short, I would like everyone to be able to use a "base"
> hostgroup as a parent.
>
> Can I make the base hostgroup accessible to non-admin users with foreman
> 1.0.1 (latest stable AFAIK)?
> Or is my idea out of the foreman access control concept?
>
> This is a very relevant feature request.
I'm wondering if we should have a default parent hostgroup option (e.g. I
assume you dont want your non admin user to be able to edit the parent
hostgroup ).
Can you create a new issue, and lets discuss the details in there, I'm open
for suggestions of how that should be implemented, e.g.