<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">Jason, <a class="moz-txt-link-freetext" href="http://pulp-user-guide.readthedocs.org/en/latest/admin-client/authentication.html#permissions">http://pulp-user-guide.readthedocs.org/en/latest/admin-client/authentication.html#permissions</a> The resource is essentially a URI path of a pulp rest api after '/pulp/api' part. So eg. to give permission to all repositories, you would use resource '/v2/repositories/'. There is no way to list all resources except to look at the api documentation at <a class="moz-txt-link-freetext" href="http://pulp-dev-guide.readthedocs.org/en/latest/integration/rest-api/">http://pulp-dev-guide.readthedocs.org/en/latest/integration/rest-api/</a>. As expected if you have permissions to the prefix of a resource, you will have same permissions to all sub-resources as well. Permission to '/v2/repositories/' gives you permission to <tt class="docutils literal">'/v2/repositories/<repo_id>/distributors/<distributor_id>/</tt>' as well. In your 2 examples, you should use following resources 1. <tt class="docutils literal">'/v2/content/uploads/' and </tt><tt class="docutils literal">'/v2/repositories/</tt>' 2. '<tt class="docutils literal">/v2/consumers/' Note that the trailing slash is important. </tt> Thanks, On 04/03/2014 11:24 AM, Ashby, Jason (IMS) wrote: </div> <blockquote cite="mid:B10E49DFB64A0A4D89A00D7C82B026D81A8BA174@VENUS.omni.imsweb.com" type="cite"> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <style>  </style> <div class="WordSection1"> Hi all, Is there a way to list all possible pulp resources? E.g. pulp-admin auth permission list, but showing resources and resource-id’s. I’m guessing this translates to the URLs and REST API, but it’s not clear to me in the docs. The auth permission grant accepts just about anything without error, e.g. pulp-admin auth permission grant --resource /booyah1234 --role-id uploaders -o create -o read -o update -o delete -o execute Permissions [/booyah1234: ['CREATE', 'READ', 'UPDATE', 'DELETE', 'EXECUTE']] successfully granted to role [uploaders] My goal is to create two users with minimalist privileges: 1) an admin that can only upload or delete rpms to a repository. pulp-admin auth permission grant --resource /content --role-id uploaders -o create -o read -o update -o delete -o execute I tried /content and /repositories, but both fail with “Insufficient Permissions” when running the uploads command. 2) A user that can only register/unregister consumers and bind to repositories. More detail in my bug report here: <a moz-do-not-send="true" href="https://bugzilla.redhat.com/show_bug.cgi?id=1081534">https://bugzilla.redhat.com/show_bug.cgi?id=1081534</a> Thanks again! Jason </div> <hr> Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error. <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Pulp-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Pulp-list@redhat.com">Pulp-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pulp-list">https://www.redhat.com/mailman/listinfo/pulp-list</a></pre> </blockquote> <pre class="moz-signature" cols="72">-- Sayli Karmarkar Software Engineer Systems Management and Cloud Enablement <a class="moz-txt-link-freetext" href="http://www.redhat.com">http://www.redhat.com</a> </pre> </body> </html>