<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Jason,<br>
<br>
<a class="moz-txt-link-freetext" href="http://pulp-user-guide.readthedocs.org/en/latest/admin-client/authentication.html#permissions">http://pulp-user-guide.readthedocs.org/en/latest/admin-client/authentication.html#permissions</a><br>
The resource is essentially a URI path of a pulp rest api after
'/pulp/api' part. So eg. to give permission to all repositories,
you would use resource '/v2/repositories/'.<br>
<br>
There is no way to list all resources except to look at the api
documentation at
<a class="moz-txt-link-freetext" href="http://pulp-dev-guide.readthedocs.org/en/latest/integration/rest-api/">http://pulp-dev-guide.readthedocs.org/en/latest/integration/rest-api/</a>.
As expected if you have permissions to the prefix of a resource,
you will have same permissions to all sub-resources as well.
Permission to '/v2/repositories/' gives you permission to <tt
class="docutils literal"><span class="pre">'/v2/repositories/<repo_id>/distributors/<distributor_id>/</span></tt>'
as well. <br>
<br>
In your 2 examples, you should use following resources<br>
<br>
1. <tt class="docutils literal"><span class="pre">'/v2/content/uploads/'
and </span></tt><tt class="docutils literal"><span
class="pre">'/v2/repositories/</span></tt>'<br>
2. '<tt class="docutils literal"><span class="pre">/v2/consumers/'<br>
<br>
Note that the trailing slash is important. <br>
</span></tt><br>
Thanks,<br>
<br>
On 04/03/2014 11:24 AM, Ashby, Jason (IMS) wrote:<br>
</div>
<blockquote
cite="mid:B10E49DFB64A0A4D89A00D7C82B026D81A8BA174@VENUS.omni.imsweb.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<style>
<!--
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
span.EmailStyle17
{font-family:"Calibri","sans-serif";
color:windowtext}
.MsoChpDefault
{}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
div.WordSection1
{}
ul
{margin-bottom:0in}
-->
</style>
<div class="WordSection1">
<p class="MsoNormal">Hi all,</p>
<p class="MsoNormal">Is there a way to list all possible pulp
resources? E.g. pulp-admin auth permission list, but showing
resources and resource-id’s. I’m guessing this translates to
the URLs and REST API, but it’s not clear to me in the docs.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The auth permission grant accepts just
about anything without error, e.g.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> pulp-admin auth permission grant
--resource /booyah1234 --role-id uploaders -o create -o read
-o update -o delete -o execute</p>
<p class="MsoNormal"> Permissions [/booyah1234: ['CREATE',
'READ', 'UPDATE', 'DELETE', 'EXECUTE']] successfully granted
to role [uploaders]</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">My goal is to create two users with
minimalist privileges: </p>
<p class="MsoNormal"> </p>
<p class="MsoListParagraph" style="margin-left:.25in;
text-indent:-.25in"><span style="">1)<span style="font:7.0pt
"Times New Roman"">
</span></span>an admin that can only upload or delete rpms
to a repository. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> pulp-admin auth permission grant
--resource /content --role-id uploaders -o create -o read -o
update -o delete -o execute</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I tried /content and /repositories, but
both fail with “Insufficient Permissions” when running the
uploads command.</p>
<p class="MsoNormal"> </p>
<p class="MsoListParagraph" style="margin-left:.25in;
text-indent:-.25in"><span style="">2)<span style="font:7.0pt
"Times New Roman"">
</span></span>A user that can only register/unregister
consumers and bind to repositories. More detail in my bug
report here:
<a moz-do-not-send="true"
href="https://bugzilla.redhat.com/show_bug.cgi?id=1081534">https://bugzilla.redhat.com/show_bug.cgi?id=1081534</a></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thanks again!</p>
<p class="MsoNormal">Jason</p>
</div>
<br>
<hr>
<font color="Gray" face="Arial" size="1"><br>
Information in this e-mail may be confidential. It is intended
only for the addressee(s) identified above. If you are not the
addressee(s), or an employee or agent of the addressee(s),
please note that any dissemination, distribution, or copying of
this communication is strictly prohibited. If you have received
this e-mail in error, please notify the sender of the error.<br>
</font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Pulp-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pulp-list@redhat.com">Pulp-list@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pulp-list">https://www.redhat.com/mailman/listinfo/pulp-list</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Sayli Karmarkar
Software Engineer
Systems Management and Cloud Enablement
<a class="moz-txt-link-freetext" href="http://www.redhat.com">http://www.redhat.com</a>
</pre>
</body>
</html>