Red Hat SummitSet up permissions for custom self-service templates
Custom self-service templates that you set up in self-service automation portal use a different set of RBAC rules than the RBAC rules for auto-generated self-service templates that are synchronized from Ansible Automation Platform.
- Auto-generated self-service templates: The RBAC settings for these templates are synchronized from Ansible Automation Platform.
- Custom self-service templates: You must set up RBAC for these templates in self-service automation portal.
Set up RBAC for custom self-service templates
By default, Ansible Automation Platform administrators can define self-service automation portal RBAC roles.
Before you begin
- You have created a user, for example
example-user. - You have added this user as a member of a team, for example
example-team.
About this task
This procedure describes how to create a role in self-service automation portal that allows only a selected team to view and execute particular custom self-service templates.
Custom self-service templates in self-service automation portal are associated with job templates in Ansible Automation Platform. This association is set in the steps.actions section of the YAML file for the custom self-service template.
If you assign permissions to a particular team to launch a custom self-service template from self-service automation portal, then you must make sure that that team has permission to run the associated job templates in Ansible Automation Platform.
Procedure
- In the RBAC view, click Create.
The Create Role view appears.
- In the Users and Groups section, select the Ansible Automation Platform teams and users to assign to this role.
Note The Members column displays the total count of users in each team, including both regular team members and administrators.
- In the Users and Groups section, select the Ansible Automation Platform teams and users to assign to this role.
Verify RBAC
This procedure describes how to verify that the role you set up is working correctly.
Procedure
- Verify that users with permissions can use a template:
- Log in to self-service automation portal as a user who is a member of a team that has been enabled to use a role.
- Verify that RBAC is applied and that the user can use the templates that you enabled for the role.
- Log out of self-service automation portal.
- Verify that users without permissions can not see or use a template:
- Log in to self-service automation portal as a user who is not a member of the new team that has been enabled to use the role.
- Verify that RBAC is applied and that the user cannot use the templates that you enabled for the role.
- Log out of self-service automation portal.
Deregister custom self-service templates
You can deregister custom self-service templates. Deregistering templates deletes them from the Templates view in the self-service automation portal console.
Procedure
- In a browser, log in to self-service automation portal as a user with administrative privileges.
- Select Templates to display the self-service templates.
- For each custom self-service template that you want to delete, execute the following steps:
- Click a custom self-service template to open the Template detail view. The navigation bar contains the Unregister Template option.
- Click Unregister Template.
- In the dialog, confirm that you want to deregister the template.
- Click Delete Entity to unregister the template.
Results
In a browser, navigate to the Templates view for your self-service automation portal instance. Verify that the custom self-service templates that you deregistered have been deleted.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}