I have a limited user account that only has permissions to install and sync packs. But there seem to maybe be some implications that are missing when you’re limiting a user role like this, which is failing the install of the pack(s).
```yaml
name: pack_management
description: Allows a user to install, register, and modify packs only
permission_grants:
  -
    permission_types:
      - "pack_list"
      - "pack_install"
      - "pack_uninstall"
      - "pack_create"
      - "pack_register"
      - "pack_config"
      - "pack_search"
      - "pack_views_index_health"
  -
    resource_uid: "action:packs.install"
    permission_types:
      - "action_execute"
```
But because there are no execution_view permissions, the pack install fails:
```
st2@st2appl01 ~ $ st2 pack install ansible
For the "ansible" pack, the following content will be registered:
actions | 8
rules | 0
sensors | 0
aliases | 0
triggers | 0
Installation may take a while for packs with many items.
ERROR: 403 Client Error: Forbidden
MESSAGE: User "<user>" doesn't have required permission "execution_view" on resource "execution:60d34c08d795d3d021105294" for url: http://127.0.0.1:9101/v1/executions/60d34c08d795d3d021105294
```
I’ve tried doing permissions like:
```yaml
---
-
  resource_uid: "execution:"
  permission_types:
    - "execution_view"
```

```yaml
---
-
  resource_uid: "execution:*"
  permission_types:
    - "execution_view"
```
But none of these are working. I don’t know if there’s a specific uid to use for something like this or if I need to register this as a type of permission bug.