The Puppet Enterprise (PE) console enables you to import users and groups, create user roles, and assign users to roles.
You can connect PE with an external directory, such as Active Directory or OpenLDAP, and import users and groups, rather than creating and maintaining users and groups in multiple locations. You can create user roles, and assign imported users to those roles. Roles are granted permissions, such as permission to act on node groups. When you assign roles to users or user groups, you are granting users permissions in a more organized way.
In this exercise, you create a new user role and give the role view permissions on your node group. Then you create a new local user, and assign a user role to that user. This exercise doesn’t cover connecting PE with OpenLDAP or Active Directory. For more information about those subjects, see Working with Role-Based Access Control.
Note: Users and user groups cannot currently be deleted, and roles can be deleted only through the API, not in the console. Therefore, we recommend that you try out these steps on a virtual machine.
Add a user role so you can manage permissions for groups of users at one time.
Before you begin: Install a monolithic PE deployment, install at least one Windows agent node, install the puppetlabs-wsus_client module, and classify a node.
Finally, you must have admin permissions to complete these steps, which include assigning a user to a role.
These steps demonstrate how to create a new local user. See Adding LDAP Users to PE for information about adding existing users from your directory service.
Click Add local user.
Note: When you create new local users, you need to send them a login token. Do this by clicking the new user’s name in the User list and then on the upper-right of the user’s page, click Generate password reset. A message opens with a link that you must copy and send to the new user.
When you create new local users, you need to send them a password reset token so that they can log in for the first time.
You must give the role access to the group, so that the Windows users role can view the windows_example node group.
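Once the role exists, it is worth confirming that it grants view access on that one node group and nothing broader. The following check is an added example, not part of the original exercise or Puppet's own code: the role is a constructed sample, the permission fields (`object_type`, `action`, `instance`) and the `*` wildcard are assumed to follow the RBAC API's permission layout, and the group ID is a made-up placeholder.

```python
"""Added example: audit a PE role for least privilege (view-only on one node group)."""

# Constructed sample of a role as a JSON-decoded dict. The permission field
# names are an assumption about the RBAC API's layout; the group ID is a
# placeholder, not a value taken from the page.
WINDOWS_EXAMPLE_GROUP_ID = "00000000-0000-4000-8000-000000000001"

SAMPLE_ROLE = {
    "display_name": "Windows users",
    "permissions": [
        {"object_type": "node_groups", "action": "view",
         "instance": WINDOWS_EXAMPLE_GROUP_ID},
    ],
}


def audit_view_only(role, group_id):
    """Return a list of findings; an empty list means the role grants
    exactly 'view' on the given node group and nothing else."""
    findings = []
    has_view = False
    for perm in role.get("permissions", []):
        obj = perm.get("object_type")
        action = perm.get("action")
        instance = perm.get("instance")
        if obj == "node_groups" and action == "view" and instance == group_id:
            has_view = True
        elif obj == "node_groups" and action == "view" and instance == "*":
            # Assumed wildcard: covers every node group, not just this one.
            has_view = True
            findings.append("view is granted on all node groups ('*')")
        else:
            # Anything beyond view on the target group exceeds the exercise's intent.
            findings.append(f"unexpected permission: {obj}:{action}:{instance}")
    if not has_view:
        findings.append(f"role cannot view node group {group_id}")
    return findings


if __name__ == "__main__":
    results = audit_view_only(SAMPLE_ROLE, WINDOWS_EXAMPLE_GROUP_ID)
    for line in results or ["OK: role is view-only on the target node group"]:
        print(line)
```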