Red Hat Customer Portal 1 Managing User Access to the Red Hat

Red Hat Customer Portal 1
Managing User Access to the Red
Hat Customer Portal and the Red Hat
Network Application
Creating and Configuring User Accounts
Edition 4
Red Hat Global Support Services
Red Hat Customer Portal 1 Managing User Access to the Red Hat
Customer Portal and the Red Hat Network Application
Creating and Configuring User Accounts
Edition 4
Red Hat Glo bal Suppo rt Services
Legal Notice
Co pyright © 20 14 Red Hat, Inc..
This do cument is licensed by Red Hat under the Creative Co mmo ns Attributio n-ShareAlike 3.0
Unpo rted License. If yo u distribute this do cument, o r a mo dified versio n o f it, yo u must pro vide
attributio n to Red Hat, Inc. and pro vide a link to the o riginal. If the do cument is mo dified, all Red
Hat trademarks must be remo ved.
Red Hat, as the licenso r o f this do cument, waives the right to enfo rce, and agrees no t to assert,
Sectio n 4 d o f CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shado wman lo go , JBo ss, MetaMatrix, Fedo ra, the Infinity
Lo go , and RHCE are trademarks o f Red Hat, Inc., registered in the United States and o ther
co untries.
Linux ® is the registered trademark o f Linus To rvalds in the United States and o ther co untries.
Java ® is a registered trademark o f Oracle and/o r its affiliates.
XFS ® is a trademark o f Silico n Graphics Internatio nal Co rp. o r its subsidiaries in the United
States and/o r o ther co untries.
MySQL ® is a registered trademark o f MySQL AB in the United States, the Euro pean Unio n and
o ther co untries.
No de.js ® is an o fficial trademark o f Jo yent. Red Hat So ftware Co llectio ns is no t fo rmally
related to o r endo rsed by the o fficial Jo yent No de.js o pen so urce o r co mmercial pro ject.
The OpenStack ® Wo rd Mark and OpenStack Lo go are either registered trademarks/service
marks o r trademarks/service marks o f the OpenStack Fo undatio n, in the United States and o ther
co untries and are used with the OpenStack Fo undatio n's permissio n. We are no t affiliated with,
endo rsed o r spo nso red by the OpenStack Fo undatio n, o r the OpenStack co mmunity.
All o ther trademarks are the pro perty o f their respective o wners.
Abstract
User-acco unt lo gins fo r the Red Hat Custo mer Po rtal and the Red Hat Netwo rk (RHN)
applicatio n are unified under a Single Sign-On (SSO) system. This guide describes the User
Management applicatio n that allo ws yo u to create and co nfigure user acco unts to separately
co ntro l access to reso urces and functio nality fo r bo th the Red Hat Custo mer Po rtal and the
RHN applicatio n.
T able of Cont ent s
T able of Contents
. .hapt
⁠C
. . . .er
. .1. .. Basic
. . . . . User
. . . . .Management
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. . . . . . . . . .
⁠1.1. Ac c es s ing the Us er Manag ement Ap p lic atio n
2
⁠1.2. Creating New Us er Ac c o unts
3
⁠1.2.1. Creating a Sing le New Us er Ac c o unt
3
⁠1.2.2. Creating Multip le New Us er Ac c o unts
3
⁠1.3. Chang ing Setting s and Permis s io ns fo r Exis ting Us er Ac c o unts
4
⁠1.3.1. Manag ing RHN Us er Ac c es s - Chang ing Sing le Setting s
⁠1.3.1.1. G eneral Tab
⁠1.3.1.2. Lo g in Info rmatio n Tab
⁠1.3.1.3. Us er Preferenc es Tab
⁠1.3.1.4. Ac c es s Permis s io ns Tab
⁠1.3.1.5. Sys tem G ro up s Tab
⁠1.3.1.6 . Sys tems Tab
⁠1.3.1.7. Channel Permis s io ns Tab
⁠ .3.2. Chang ing Setting s fo r Multip le Us ers
1
⁠1.4. Deac tivating and Reac tivating Us er Ac c o unts
⁠1.4.1. Deac tivating Us ers
⁠1.4.2. Reac tivating Us ers
4
5
5
5
6
10
10
11
11
11
11
13
. .hapt
⁠C
. . . .er
. .2. .. Advanced
. . . . . . . . . User
. . . . .Management
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. 7. . . . . . . . . .
1
Red Hat Cust omer Port al 1 Managing User Access t o t he Red Hat Cust omer Port al and t he Red Hat Net work A
Chapter 1. Basic User Management
This chapter describes how to create new user accounts, change user settings and permissions, and
deactivate user accounts.
1.1. Accessing t he User Management Applicat ion
The U ser Man ag emen t application allows you to create and configure user accounts to separately
control access to resources and functionality for both the Red Hat Customer Portal and the Red Hat
Network (RHN) application.
1. Log into the Customer Portal as an Organization Administrator.
Note
Only an RHN user whose account has been configured with the role of Organization
Administrator can create and configure RHN and Red Hat Customer Portal user
accounts. RHN Organization Administrators have unlimited access to RHN resources
and functionality, and they have root privileges for all systems assigned to their
organization on RHN. All other RHN users can access only the systems assigned to
them and can use RHN to perform only the tasks associated with their assigned Roles.
For more information on user roles, see Section 1.3.1.4, “ Access Permissions Tab”
below or section 6.9.1.1.1 of the RHN Reference Guide.
2. In the upper-right corner of the Customer Portal, click your user name and choose Acco unt
Setti ng s.
You will see the following screen:
⁠
Fig u re 1.1. O rg an iz at io n Ad min ist rat o r D ash b o ard
Note
If you cannot see the User Manag ement link on the right side of this page, you do not
have permissions to create and configure online user accounts for RHN and the Red
Hat Customer Portal. Please see your RHN Organization Administrator to change the
permissions for your user account.
2
⁠Chapt er 1 . Basic User Management
3. Click User Manag ement to display a list of user accounts that have been configured for
your organization.
You will see the following screen:
⁠
Fig u re 1.2. U ser List
1.2. Creat ing New User Account s
You can create a new user manually, or you can bulk upload a list of users.
1.2.1. Creat ing a Single New User Account
To create a single new user account for the RHN and Red Hat Customer Portal applications, click
Ad d new user in the upper-right corner of the User List page (shown above). You will be taken to
the initial configuration page for the new account:
⁠
Fig u re 1.3. Ad d in g a N ew U ser
Complete the information for the new user account and click Save. For more information on roles, see
Section 1.3.1.4, “ Access Permissions Tab” below.
1.2.2. Creat ing Mult iple New User Account s
To create multiple new user accounts for the RHN and Red Hat Customer Portal applications, click
Upl o ad new users in the upper-right corner of the User List page. You will be taken to the CSV
Upload page:
⁠
3
Red Hat Cust omer Port al 1 Managing User Access t o t he Red Hat Cust omer Port al and t he Red Hat Net work A
Fig u re 1.4 . C SV B u lk U p lo ad
On this page, you can upload and preview a CSV file of new user accounts.
Note
Be sure to download the template provided on the CSV Upload page to ensure that you are
using the correct format. Once your users have been created, you cannot delete them. Please
double-check your file before uploading. Also, please note that no more than 100 users can
be added at one time.
1.3. Changing Set t ings and Permissions for Exist ing User Account s
To configure an existing online user account, access the User List page, select the desired user(s)
you wish to modify, and click Ed i t.
1.3.1. Managing RHN User Access - Changing Single Set t ings
If you select a single user, you will see the G eneral tab on the configuration page for the user
account:
⁠
Fig u re 1.5. Mo d if yin g an Exist in g U ser
The user account configuration page has the following seven tabs:
G eneral
4
⁠Chapt er 1 . Basic User Management
Lo g i n Info rmati o n
User P references
Access P ermi ssi o ns
System G ro ups
Systems
C hanel P ermi ssi o ns
The next subsections describe these tabs in more detail.
1 .3.1 .1 . Ge ne ral T ab
On the G eneral tab (shown above), you can enter the user's name, job title, department
name/number, and contact information. Click Save at the bottom of the page to apply your changes.
This page also displays history information about when the user was created and when the user's
information was last updated.
1 .3.1 .2 . Lo gin Info rm at io n T ab
Use the Lo g i n Info rmati o n tab to change the password for the user account. Enter the new
password twice and click Save to change the password.
Note
You cannot change the user name for an existing user account.
⁠
Fig u re 1.6 . C h an g in g a U ser' s Passwo rd
1 .3.1 .3. Use r Pre fe re nce s T ab
Use the User P references tab to select the language and time zone for the RHN and Red Hat
Customer Portal applications. Click Save to apply your changes.
5
Red Hat Cust omer Port al 1 Managing User Access t o t he Red Hat Cust omer Port al and t he Red Hat Net work A
⁠
Fig u re 1.7. C h an g in g a U ser' s Pref eren ces
1 .3.1 .4 . Acce ss Pe rm issio ns T ab
Use the Access P ermi ssi o ns tab to control the user's access to resources and functionality for
the Red Hat Customer Portal and the RHN application. Permissions for each environment are
controlled separately, as described below.
⁠
Fig u re 1.8. C h an g in g a U ser' s Permissio n s
Use the Access P ermi ssi o ns section of this tab to configure user access permissions for the Red
Hat Customer Portal. Check the boxes that correspond to the Red Hat Customer Portal resources and
functionality that you want the user to be able to access. When users with restricted access
permissions log into the Red Hat Customer Portal, they will be able to see all available menus.
However, if those users click on a menu for which they do not have access, the Red Hat Customer
Portal will display an error message.
The four checkboxes under the Access P ermi ssi o ns section control access to different resources
on the Red Hat Customer Portal, as described in the table below.
6
⁠Chapt er 1 . Basic User Management
T ab le 1.1. Access Permissio n s
C u st o mer Po rt al Access Permissio n s
C h eckb o x
Wh at It C o n t ro ls
Manage Support Cases
Allows the user to view, create, and update
support cases under the Support Cases section
of the Suppo rt menu.
Allows the user to view account subscription
and renewal information in the Subscriptions
section of the Subscri pti o ns menu.
Allows the user to access JBoss Middleware
downloads. Applies only to JBoss Middleware
downloads through the Red Hat Customer
Portal and does not restrict access to any
downloads via RHN. You can restrict access to
RHN downloads via the Channel Permissions
section described in Chapter 2, Advanced User
Management.
Allows the user to access Red Hat CertificateBased Subscription Management under the
Certificate-Based Management section of the
Subscri pti o ns menu.
View/Renew Subscription Information
D ownload Middleware Software & Updates
Manage Your Subscriptions
View/Edit All
Allows the user to view and edit all the
account systems under the unit and
distributor tabs.
User can view all details on the overview
page and has access to all functionality.
User can view all subscriptions available in
inventory and take actions such as
downloading certificates.
User can view subscription utilization page.
User can view and take action on all Units
Register systems
Attach subscriptions
Auto attach
D elete systems
View/D ownload certificates
D ownload/Regenerate Identity Certs
User can view and take action on all
Subscription Management Applications
Register Subscription Management
Applications
View all Subscription Management
Applications
Update
Attach Subscriptions
D ownload Manifest
D elete Systems
Remove Subscriptions
D ownload/Regenerate Identity Certs
7
Red Hat Cust omer Port al 1 Managing User Access t o t he Red Hat Cust omer Port al and t he Red Hat Net work A
C u st o mer Po rt al Access Permissio n s
C h eckb o x
View All (for non-org admin users)
View/Edit only mine (for non-org admin users)
8
Wh at It C o n t ro ls
Allows the user to view all the account
systems under the unit and distributor tabs
User can view all details on the overview
page
User can view all subscriptions available in
inventory and can take actions such as
downloading certificates and export all to
CSV.
User can view subscription utilization page.
User who can view all Units
Can not register a system
Can not attach subscriptions
Can not Auto attach
Can not D elete systems
View/D ownload certificates.
D ownload/Regenerate Identity Certs
User can view all Subscription Management
Applications (SMA)
Can not Register a Subscription
Management Applications
View all Subscription Management
Applications
Can not Update
Can not attach Subscriptions
Can not download Manifest
Can not delete Systems
Can not remove Subscriptions
Can download/regenerate Identity Certs
Allows the user to view and edit only the
systems under the unit and distributor tabs
they have registered.
User can view all details on the overview
page and has access to all functionality.
User can view all subscriptions available in
inventory and take actions such as
downloading certificates.
User can view subscription utilization page.
User can view and take action on only their
Units
Register their system
Attaching subscriptions to their systems
Auto attach to their systems
D elete their systems
View/D ownload certificates for their
systems
D ownload/Regenerate Identity Certs for
their systems
⁠Chapt er 1 . Basic User Management
C u st o mer Po rt al Access Permissio n s
C h eckb o x
User can view and take action on their
SMA(Subscription Mgt Applications)
Wh at It C o n t ro ls
Register their SMA
View their SMA
Update
Attach Subscriptions
D ownload Manifest
D elete Systems
Remove Subscriptions
D ownload/Regenerate Identity Certs
Use the Acco unt R o l es and R HN R o l es sections of this tab to configure user access permissions
for the RHN application. Check the boxes that correspond to the roles that you want to assign to the
RHN user. The table below briefly describes each role. For more detailed information, see section
6.9.1.1.1 of the RHN Reference Guide.
T ab le 1.2. U ser R o les
R o le T it le
R o le R esp o n sib ilit y/Access
Organization Administrator
This role can perform any function available
within RHN or the Red Hat Customer Portal. As
the master account for your organization, this
user can alter the privileges of all other
accounts, as well as conduct any of the tasks
available to the other roles. Like the other roles,
multiple Organization Administrators may exist.
While it is possible for one Organization
Administrator to remove Organization
Administrator rights from another user, it is
impossible to remove Organization
Administrator rights from the sole remaining
Organization Administrator. It is possible to
remove your own Organization Administrator
privileges so long as you are not the last
Organization Administrator.
Channel Administrator
System Group Administrator
Monitoring Administrator
Configuration Administrator
This role has complete access to the software
channels and related associations within your
organization. This user may change the base
channels of systems, make channels globally
subscribable, and create entirely new channels.
This role is one step below Organization
Administrator in that it has complete authority
over the systems and system groups to which it
is granted access. This user can create new
system groups, delete any assigned systems
groups, add systems to groups, and manage
user access to groups.
This role allows for the scheduling of probes
and oversight of other monitoring infrastructure.
This role enables the user to manage the
configuration of systems in the organization.
9
Red Hat Cust omer Port al 1 Managing User Access t o t he Red Hat Cust omer Port al and t he Red Hat Net work A
R o le T it le
R o le R esp o n sib ilit y/Access
Activation Key Administrator
This role is designed to manage your
organization's collection of activation keys. This
user can create, modify, and delete any key
within your overarching account.
Click Save to apply your changes.
1 .3.1 .5 . Syst e m Gro ups T ab
On the System G ro ups tab, you can use the checkboxes to set a user's access permissions to each
system group. You can also select one or more default system groups for the user so that when the
user registers a system, that system will be assigned to the selected group or groups.
⁠
Fig u re 1.9 . C h an g in g a U ser' s Assig n ed Syst em G ro u p s
1 .3.1 .6 . Syst e m s T ab
On the Systems tab, you can select from the systems listed for use in the System Set Manager. Click
Save at the bottom of the page to apply your changes.
⁠
Fig u re 1.10. C h an g in g a U ser' s Assig n ed Syst ems
1 .3.1 .7 . Channe l Pe rm issio ns T ab
10
⁠Chapt er 1 . Basic User Management
On the C hannel P ermi ssi o ns tab, you can find the list of channels available to your
organization. You may grant explicit channel subscription permission to a user for each of the
channels listed.
⁠
Fig u re 1.11. C h an g in g a U ser' s C h an n el Su b scrip t io n Permissio n s
1.3.2. Changing Set t ings for Mult iple Users
If you select multiple users, you will see a pop-up with checkbox selections, allowing you to edit roles
for all selected users at one time. Click Appl y to save your changes.
⁠
Fig u re 1.12. C h an g in g Access Permissio n s f o r Mu lt ip le U sers
1.4 . Deact ivat ing and React ivat ing User Account s
To protect data integrity, a user account cannot be deleted. However, an RHN Organization
Administrator can deactivate and reactivate existing user accounts as necessary.
1.4 .1. Deact ivat ing Users
To deactivate existing user accounts, select the checkbox next to the desired user name(s) on the
User List page and select D eacti vate to deactivate the accounts.
11
Red Hat Cust omer Port al 1 Managing User Access t o t he Red Hat Cust omer Port al and t he Red Hat Net work A
⁠
Fig u re 1.13. D eact ivat in g Mu lt ip le U sers
You can also deactivate a single user by following these steps:
12
⁠Chapt er 1 . Basic User Management
1. To deactivate an existing user account, begin by selecting the appropriate user name on the
User List page and clicking Ed i t to display the G eneral tab on the configuration page for
the user account.
2. In the upper-right corner of the page, click D eacti vate user:
⁠
Fig u re 1.14 . D eact ivat in g a U ser ( 1 o f 3)
3. Click Y es to confirm the deactivation:
⁠
Fig u re 1.15. D eact ivat in g a U ser ( 2 o f 3)
4. You will receive a confirmation message:
⁠
Fig u re 1.16 . D eact ivat in g a U ser ( 3 o f 3)
1.4 .2. React ivat ing Users
1. To view a list of deactivated users, select the Inacti ve tab on the User List page.
13
Red Hat Cust omer Port al 1 Managing User Access t o t he Red Hat Cust omer Port al and t he Red Hat Net work A
2. Select the desired user(s) to reactivate and select Acti vate.
⁠
14
⁠Chapt er 1 . Basic User Management
15
Red Hat Cust omer Port al 1 Managing User Access t o t he Red Hat Cust omer Port al and t he Red Hat Net work A
Fig u re 1.17. R eact ivat in g U sers ( 1 o f 2)
3. You will receive a confirmation message:
⁠
Fig u re 1.18. R eact ivat in g U sers ( 2 o f 2)
16
⁠Chapt er 2 . Advanced User Management
Chapter 2. Advanced User Management
The above information should be enough to get you started. However, if you need to restrict a user's
download access via RHN, this section outlines the steps you should take.
1. ⁠
U n su b scrib e t h e U ser f ro m C h an n els
To begin, you must first unsubscribe the user from channels.
a. Select the desired user and navigate to the C hannel P ermi ssi o ns tab.
b. Click Manag ement under the C hannel P ermi ssi o ns tab:
⁠
Fig u re 2.1. C hannel P ermi ssi o ns
c. Uncheck the boxes next to all of the desired channel names.
d. Click the Upd ate P ermi ssi o ns button near the bottom of the page.
⁠
Fig u re 2.2. U p d at e Permissio n s
17
Red Hat Cust omer Port al 1 Managing User Access t o t he Red Hat Cust omer Port al and t he Red Hat Net work A
2. ⁠
En su re C h an n els are N o t G lo b ally Su b scrib ab le
You must make sure that there are no globally subscribable channels.
a. Begin by navigating to the RHN System Set Manager and selecting C hannel s, as
shown in the image below.
⁠
Fig u re 2.3. So f t ware C h an n els
b. Select C hannel D etai l s next to the desired release channel:
⁠
18
⁠Chapt er 2 . Advanced User Management
Fig u re 2.4 . Select in g C h an n el D et ails
c. Scroll down and uncheck the G l o bal l y Subscri babl e option:
⁠
Fig u re 2.5. G l o bal l y Subscri babl e O p t io n
d. Click the Upd ate button near the bottom of the screen.
3. ⁠
U p d at e t h e U ser f o r Each C h an n el
19
Red Hat Cust omer Port al 1 Managing User Access t o t he Red Hat Cust omer Port al and t he Red Hat Net work A
To completely remove all permissions, you must repeat Step 1 for the user and the channel
that you updated in Step 2. However, you can use the Fi l ter by C hannel Name field to
search for the correct channel (shown in the figure below) instead of selecting Management
under the Channel Permissions tab.
⁠
Fig u re 2.6 . U p d at in g U ser Access
Once that is complete, repeat Step 2 and Step 3 until you have updated all the desired
channels for that user.
4. ⁠
En su re O t h er U sers Main t ain Access
One unintended consequence of making sure that channels are not globally subscribable is
that it unsubscribes other users from those channels as well. To subscribe users to channels
that were previously globally subscribable, repeat Step 1 for each of those users, but check
the box next to the appropriate channels to assign permissions.
5. Mo re In f o rmat io n
For more information, see the official API documentation at
https://access.redhat.com/site/documentation/enUS/Red_Hat_Network/5.0.0/html/API_D ocumentation/index.html.
20
Download PDF