[katello-devel] Four default roles
Todd B Sanders
tsanders at redhat.com
Fri Jul 1 12:15:35 UTC 2011
On 07/01/2011 05:30 AM, Lukas Zapletal wrote:
> Hello,
>
> I just added new role and renamed three old ones. We have the
> following default roles:
>
> Administrator - superadmin role (not admin self-role, this is
> different). It has "superadmin" column flag set to true and it has
> special treatment. It has access everywhere (User.allowed_to? returns
> always true for such a role). Thus we don't need to explicitly "allow"
> everything to admin now in the seed script. I have commented this out.
> User "admin" is assigned to this role by default.
>
> Read Everything - classical "reader". Can read everything. Currently
> there are no users assigned to this role. If you find a page this role
> has no read access to please add it.
>
> Anonymous - "nobody" role. Used when user is not logged in (since he
> still needs to access some resources - notifications for example).
> User "anonymous" assigned to this role. He has random password and it
> is disabled by default so no one can log in using anonymous. Katello
> would not allow to do anything under this account, but its disabled
> just to be sure.
Not sure I follow this user or role, can you elaborate?
>
> Candlepin - special role for RHSM. Not intended for regular users.
>
> I just added "description" column to Role with information about roles.
>
> I also added "disabled" flag to User to (temporary) disable an account.
>
> @UI team: please elaborate these two new columns in the UI, thanks.
>
Are these roles going to be populated in the DB upon initial install by
an end user? If so, then we should hide internal-use roles (i.e.
Candlepin) if they are required for system operation. Otherwise,
accidental deletion is an issue.
-Todd
More information about the katello-devel
mailing list