Story #1658
closed
Pulp needs some sort of role-grouping or inheritance
0%
Description
Currently for each new role I come up with, I have to add every user individually. I would like to be able to organize like users by access level, eg: sysadmins, users, etc. Or maybe by department. Then I could just assign users to a limited set of meta-roles that actually just contain other roles.
Right now if I have a bunch of roles like 'repository-viewer', 'repository-manager', 'content-publisher', etc, I must then enumerate a whole class of user logins for each role like so:
for i in bob sue joe jebediah zeke; do pulp-admin auth role user add --login=$i --role-id=repository-viewer; done
for i in bob sue joe jebediah zeke; do pulp-admin auth role user add --login=$i --role-id=repository-manager; done
for i in bob sue joe jebediah zeke; do pulp-admin auth role user add --login=$i --role-id=content-publisher; done
It sure would be swell to group logins into departments 'org-accounting', 'org-labadmins', 'org-mailroom', then assign myriad relevant and growing permission-containing roles under each of those organizational roles so that as people come and go it's much easier than tacking on a million individual roles to each user.
Hopefully that makes sense...
.