To improve security and stability of an environment, an account with minimal privileges should be used to integrate vRealize Automation with other systems.
This article will provide you with the minimum permissions required for the SovLabs module to operate with Red Hat Satellite.
- You have licensed the Red Hat Satellite SovLabs module
- Created 2 accounts
- To register against Red Hat Satellite (Local or AD Integrated. This will be added to a custom role in Red Hat Satellite)
- To install packages on the host (Usually root account or an account that has YUM access without SUDO)
Create a role and assign permissions
This section covers the permissions required for Red Hat Satellite and the registration and management process.
- Create a role
- Create a Role ie; SovLabs_VRA
- Edit the role and assign the following from the table below
|Product and Repositories||view_products||N/A|
NOTE: In older versions of Red Hat Satellite, you may have the option of Content Host. If this is the case, the below permissions will be changed
Add account to your custom role
- If required, create a local account in Red Hat Satellite, Else, Add an existing account to the role you created
Configure an account that can do the YUM install
- An account that has access to the Node being deployed
- Must be able to run YUM without the requirement of SUDO
- This is usually the ROOT account
Red Hat Satellite least permissions article (Registered RH Users) : https://access.redhat.com/solutions/1570203
SovLabs Red Hat Satellite module : http://docs.sovlabs.com/latest/vRA/7.6/modules/configuration-mgmt/red-hat-satellite/