Assigning user permissions quick start guide

Overview
Release notes
Puppet platform documentation
Quick start guides
Managing Windows nodes
Installing
Upgrading
Migrating
Configuring PE
Monitoring infrastructure state
Managing nodes
Managing access
Managing applications
Enforcing change with Puppet orchestrator
Managing and deploying Puppet code
Provisioning with Razor
SSL and certificates
APIs
Managing MCollective
Maintenance
Troubleshooting
Appendix

Expand all

Assigning user permissions quick start guide

Puppet Enterprise — 2016.4

This version is out of date. For current versions, see Puppet Enterprise support lifecycle.

Sections

PE enables you to create and manage users and user groups through the console. You can also create user roles, and assign users to those roles. Permissions, such as the ability to view node groups, deploy code, or generate password reset tokens, are assigned to user roles rather than directly to users. When you assign roles to users or user groups, you are granting permissions in a more organized way.

In this quick start guide, you’ll create a new user role and give the role the permission to view the node group you created in the Adding classes quick start guide. You’ll also create a new local user, and assign your new user role to that user.

Before you begin, make sure you have installed:

Note: Roles are deletable by API, not in the console. Therefore, it’s best to try out these steps on a virtual machine.

Step 1: Create a user role

In the console, click Access control and then click User Roles.
For Name, type Web developers, and then for Description, type a description for the Web developers role, such as Members of the web development team.
Click Add role.

Step 2: Give the user role access to a node group

From the User roles page, select Web developers, and then click the Permissions tab.
In the Type box, select Node groups.
In the Permission box, select View.
In the Object box, select apache_example.
Click Add permission, and then click the commit button. Now, you have given members of the Web developers role permission to view the apache_example node group.

Step 3: Create a new user

On the Access Control page, click Users.
In the Full name field, type in a user name.
In the Login field, type the user’s login information.
Click Add local user.

FAQs

Can I import users and groups from my external directory, so I don’t have to recreate users one at a time?

Step 4: Enable the new user to log in

When you create new local users, you need to send them a password reset token so that they can log in for the first time.

Click the new local user in the Users list. The new user’s page opens.
On the upper-right of the page, click Generate password reset. A Password reset link message box opens.
Copy the link provided in the message and send it to the new user. Then you can close the message.

Step 5: Assign the user role to the new user

Click User Roles and then click Web developers.
On the Member users tab, on the User name list, select the new user you created, and then click Add user and click the commit button.

You’re now managing a user with RBAC. By using permissions and user roles, you give the appropriate level of access and agency to each user or user group who works with PE.

Next, you’ll learn more about the basics of writing modules of your own, so you can begin customizing your deployment and getting work done. Click here when you’re ready to write your first module.

See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project