Chapter 3. User access for automation services catalog
When configuring automation services catalog for your organization, consider the scope of your user environments, how those users are grouped, and the roles to assign. You can manage this workflow through User Access.
Automation services catalog features and workflows are governed by groups that have specific roles attached to them. The Organization Administrator role performs the initial creation of groups, assigns roles, and adds users.
Groups
Groups are user-defined and flexible to include many users and have multiple roles. Create new groups based on your organization’s requirements for working with automation services catalog.
Roles
Roles provide a defined set of actions each group performs. Determine the required level of access for your users based on the following roles automation services catalog uses:
Role | Description | |
---|---|---|
Administration | Organization Administrator |
|
Approval | Approval Administrator |
|
Approval Approver |
| |
Approval User |
| |
Catalog | Catalog Administrator |
|
Catalog User |
|
By default, all users will have Catalog User and Approval User roles assigned to them.
Due of potential security implications, limit the number of users in cloud.redhat.com with Organization Administrator privileges.
3.1. Creating administrator groups
The Organization Administrator can create new groups of administrators and users in automation services catalog. Catalog and Approval administrators are required to perform initial workflows in configuring automation services catalog. In this section, we will create groups for both Catalog and Approval administrators.
3.1.1. Creating a Catalog Administrator group
The Catalog Administrator is a role that grants create, read, update and order permissions. This role is used in creating and managing processes associated with portfolios and products.
To create a Catalog Administrator group:
-
Navigate to
. - Click .
- Enter group name and set the description.
- Click .
- In the Add members modal, check each user to add to the group. Click when finished.
- Check Catalog Administrator on the Assign roles modal.
- Review details for the new group and click .
We have created a group of Catalog Administrators and will now create a group of Approval administrators.
3.1.2. Creating an Approval Administrator group
The Approval Administrator is a role that grants create, read, update and order permissions. This role is used in creating and managing processes associated with portfolios and products.
To create an Approval Administrator group:
-
Navigate to
. - Click .
- Enter group name and set the description.
- Click .
- In the Add members modal, check each user to add to the group. Click when finished.
- Check Approval Administrator on the Assign roles modal.
- Review details for the new group and click .
The new group of Approval Administrators has been created. Approval Administrators can create new approval processes to set to platforms, portfolios, and products.
3.1.3. Creating Approval Approver Groups
The Approval Approver is a role that grants create and read permissions to users who will approve or deny requests generated when a automation services catalog user orders a product.
To create an Approval Approver group:
-
Navigate to
. - Click .
- Enter group name and set the description.
- Click .
- In the Add members modal, check each user to add to the group. Click when finished.
- Check Approval Approvers on the Assign roles modal.
- Review details for the new group and click .
The new group of Approval Approvers has been created.
3.1.4. Adding new users to existing Groups
The Catalog Administrator can add new users to existing groups. Once added, users will have the level of permissions associated with that group.
You can add users to a group in the Groups view in User Access.
-
Navigate to
. - Click .
- Select a group from the list.
- Click and then click .
- Check those users that appear in the modal that you wish to add to the group.
- Click .
A message will appear notifying you if the member was added successfully.