Hi James, The following worked for me. The READ operation is used during the registration of a client.
pulp-admin role create --role registration-users pulp-admin permission grant --role registration-users \ --resource /consumers/ --operation CREATE --operation READ pulp-admin user create --username consumer-registrar \ --password=register --name "Used for consumer registrations" pulp-admin role add --role registration-users --user consumer-registrar Regards, Willem On Fri, Dec 9, 2011 at 5:18 PM, James Hogarth <[email protected]> wrote: > > Hi, > > Trying to lock down the minimum permissions to register a consumer > given that pulp-consumer -u <username> -p <password> register --id > `uname -n` would be needed in the kickstart and that would be plainly > visible.... > > It appears that /consumers/ CREATE is sufficient... but I'm not sure > exactly how the user for the system gets created with that little > permissions for the registration user.... > > Is that purely backend? Is there anything I'm missing or not seeing by > allowing /consumers/ CREATE to a kickstart registration user? > > Thanks, > > James > > _______________________________________________ > Pulp-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/pulp-list _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
