Red Hat SummitChapter 5. Roles
A role is a group of permissions for specific Red Hat Ansible Automation Platform resources. These permissions govern actions such as viewing, changing, using, executing, or deleting resources such as projects, inventories, credentials, and job templates. When you assign a role to a team or user you are granting them access to manage defined resources within the platform.
Roles define permissions for a specific resource, centralizing all access to that resource through the role itself. This design makes roles reusable units that enable administrators to share defined behaviors among many resources or with different users.
As an administrator, you have the option of using default predefined roles, or you can create roles based on your organization’s needs.
5.1. Displaying roles
You can display the roles assigned to each component resource from the menu.
Roles are labeled with their associated Ansible Automation Platform component and function. These components align with Ansible Automation Platform services and the side navigation structure in the user interface. Component labels can be understood as follows:
- Automation Execution refers to automation controller
- Automation Decisions refers to Event-Driven Ansible
- Automation Content refers to automation hub
Roles created at the level of the organization can be associated with multiple components because they group together permissions from automation controller (Automation Execution) and Event-Driven Ansible (Automation Decisions). Only organization roles can span multiple components.
A similar role entity for Automation Content is a "system" role, which gives access to all of the specified resource types in Automation Content.
Procedure
-
From the navigation panel, select
. - From the table header, you can sort the list of roles by using the arrows for Name, Description, Component, Resource Type, and Role Creation, or by making sort selections in the Sort list.
- You can filter the list of roles by selecting Name, Editable, or Component from the filter list and clicking the arrow.
5.2. Creating a role
Ansible Automation Platform services provide a set of predefined roles with permissions enough for standard automation tasks. It is also possible to configure custom roles that define access permissions to a resource.
If the default predefined roles for a resource type do not give the necessary permissions, you can create custom roles for an organization. Creating a custom role reduces complexity by consolidating all required permissions into a single assignment per resource or resource type, eliminating the need to assign multiple roles to a user or team.
Procedure
-
From the navigation panel, select
. - Click .
- Provide a Name and a short Description for the role. The name and description should be unique and specific to the role’s intended use and permissions to give context when assigning the role.
- Select a Resource Type. Ensure that you are selecting the required resource in the correct component context, because resources such as projects and credentials can be associated with both Automation Execution and Automation Decisions.
- Select the Permissions you want assigned to this role from the drop-down menu.
- Click to create your new role.
5.3. Editing a role
Default roles are predefined in the platform and cannot be changed; however, you can modify custom roles from the Roles list view. The Role Creation column in the Roles list view indicates whether a role is a default role that cannot be changed, or a custom role that can be modified.
Procedure
-
From the navigation panel, select
. -
Click the Edit role icon
next to the role you want and modify the role settings as needed.
- Click to save your changes.
5.4. Deleting a role
You cannot delete default roles; however, you can delete custom roles from the Roles list view.
Procedure
-
From the navigation panel, select
. - Click the icon ⋮ next to the role you want and select Delete role.
- To delete roles in bulk, select the roles you want to delete from the Roles list view, click the icon ⋮, and select Delete roles.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}