[Pulp-list] Help setting permissions on roles

Kodiak Firesmith kfiresmith at gmail.com
Sun May 1 13:22:09 UTC 2016

Yes you are on the right [i]path[/i]..., and I agree it's difficult and
intimidating.  I've been working on recreating the Satellite 5 model of
organizations and it's been a real pain trying to encapsulate various
groups' repos from eachother using custom roles.

One thing I can mention is to create a test group with no privs and a test
repo and spend some time doing basic tasks as a user the unprivileged group
while watching the apache logs to see the various paths that get blocked
from reads and writes, and create permissions for each blocked thing until
you have gotten all permissions you need (and nothing more!) so that you
can do what you need to do.

Sorry I don't have better advice.  One thing I'd love is for there to be
better/more predefined groups / roles capabilities bundled with pulp that
could be used as templates.

 - Kodiak

On Sun, May 1, 2016 at 8:59 AM, Lutchy Horace (Mailing List) <
mailinglist.subscriptions at lhprojects.net> wrote:

> Hello,
> I am trying to comprehend setting up permissions on resources. My
> understanding thus far from:
> https://pulp.readthedocs.io/en/latest/user-guide/admin-client/authentication.html#permissions
> "Permissions are essentially a REST API path."
> Ideally, I would have preferred viewing a list of resources from
> pulp-admin. However, to view REST API path, I would have to sift through
> https://pulp.readthedocs.io/en/latest/dev-guide/integration/rest-api/index.html
> .
> Which to be honest, is a bit intimidating, especially what resource
> path does what. In the examples provided, the rest api starts with /
> and /v2? Although looking at the rest api documents, paths typically
> begin with /pulp/api. So am I to presume that / points to /pulp/api?
> Okay, if that's the case, if I want to register machines and pull from
> repositories. I would need to set permissions on:
> READ on /v2/repository
> READ,CREATE on /v2/consumers
> ?
> Regards
> --
> Lutchy Horace
> Owner/Operator/Administrator [http://www.lhprojects.net]
> Owner/Operator/Administrator [http://www.bombshellz.net]
> Owner/Operator/Administrator [http://www.animehouse.club]
> About Me [http://about.me/lhprojects]
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20160501/9a358cf2/attachment.htm>

More information about the Pulp-list mailing list