Create new group with ability to bootstrap and read-only in Chef server


#1

Hello,

I have created a new group called ‘helpers’ in chef server via the web console. This group should be able to bootstrap a node and to have read-only access to any object. However, I am getting the following error when trying to bootstrap a node.

ERROR: You authenticated successfully to URL as USER but you are not authorized to this action
Response: missing create permission

How can I give this ‘create permission’ to the new group ‘helpers’? I do not seem to be able to do that via the web console.

At the web console ‘helpers’ has been included with the boxes clicked for List and Create for the nodes.


#2

After searching for quite some time I came across the following page titled:
Validatorless bootstrap is broken for non-admin users

I used jeremiahsnapp's suggestion:

The desired result can be achieved using the permission system. Create a group named “bootstrap”. Add that group to the “create” permission of the “clients” container. Then add appropriate users to the bootstrap group.

Of course, the WebUI did not allow me to do that, so I had to install knife-acl:

knife acl add group helpers containers clients create,update,delete

That allows non-admins to bootstrap without errors.
I will use the same concept to permit read-only access to the other containers like cookbooks, roles, etc.
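
The read-only follow-up described in the last post, as an added example that is not part of the original thread: a dry-run script that builds the knife-acl commands for the group. The container list, the group-name check and the `APPLY` switch are assumptions; a container ACL is only copied onto objects created afterwards, so each container grant is paired with a `knife acl bulk add` for objects that already exist.

```shell
#!/bin/sh
# Added example (not from the thread): plan read-only ACLs for a Chef group.
# GROUP defaults to the 'helpers' group from the thread; READ_CONTAINERS is an
# assumed list of object types the group should be able to read.
GROUP="${GROUP:-helpers}"
READ_CONTAINERS="cookbooks data environments nodes roles"

# Print one knife-acl command per line for the given group.
acl_plan() {
    group="$1"
    # Conservative name check (an assumption), since the plan is later eval'ed.
    case "$group" in
        ''|*[!a-z0-9_-]*) echo "invalid group name: $group" >&2; return 1 ;;
    esac
    # Bootstrap grant from the quoted suggestion: 'create' on the clients container.
    echo "knife acl add group $group containers clients create"
    for c in $READ_CONTAINERS; do
        # Template ACL: applies to objects created from now on.
        echo "knife acl add group $group containers $c read"
        # Existing objects keep their old ACL, so grant read on each of them.
        echo "knife acl bulk add group $group $c '.*' read"
    done
}

# Succeeds only if every planned grant, apart from the single
# 'clients create' line, is a plain 'read'.
plan_is_least_privilege() {
    if acl_plan "$1" | grep -v ' containers clients create$' | grep -qv ' read$'; then
        return 1
    fi
    return 0
}

# Show the plan; run it against the Chef server only when APPLY=1.
run_plan() {
    acl_plan "$1" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            eval "$cmd"
        else
            echo "DRY-RUN: $cmd"
        fi
    done
}

run_plan "$GROUP"
```

Review the dry-run output first, then rerun with `APPLY=1` from a workstation where knife-acl is installed and the user is an organization admin.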