
Creating and Managing Users and Groups for Private Automation Hub

Objectives

  • Create and manage users and groups for private automation hub through its web UI and configure access permissions for users by using groups.

User Access

Enterprises can use private automation hub to manage and control the lifecycle of their Ansible content. They can host Ansible Content Collections and automation execution environments on their private automation hub and provide controlled access to their users.

Different user groups can be content creators, operators, or domain experts, who each need a different level of access to the content. For example, the content creators group needs permission to write and modify the automation code, whereas the operator group needs read-only access to run an automation job.

Private automation hub provides a simple but efficient way of managing user access to the content. User access is based on managing permissions to system objects. The system objects are users, groups, namespaces, and repositories.

To manage content and access to content in private automation hub, you can create groups and assign object permissions to those groups. Then you can assign users to these groups, so that each user in a group has the permissions assigned to that group. Managing permissions for groups might be easier than managing permissions for individual users.

Creating Groups

You can create a group in private automation hub and assign it permissions that give its members access to specified features in the system.

Use the following procedure to add a new group to private automation hub:

  1. Log in to your private automation hub using credentials for the admin user configured during installation.

  2. Navigate to User Access → Groups and then click Create.

  3. Enter a valid name and click Create to create the group.

  4. Click Edit.

  5. Click in the field for each permission type and select permissions that appear in the list.

  6. Click Save when finished assigning permissions.

You can add permissions when you create groups or edit an existing group to add or remove permissions.

The following table lists the types of private automation hub permissions.

| Object | Permissions | Permission description |
|---|---|---|
| Collection Namespaces | Add namespace, Change namespace, Delete namespace, and Upload to namespace | Create, modify, or delete namespaces, and upload Ansible Content Collections to them. |
| Collections | Delete collections | Delete Ansible Content Collections. |
| Collections | Modify Ansible repo content | Move Ansible Content Collections between repositories, using the Approval feature to certify an Ansible Content Collection and move it from the staging repository to the published repository, or to reject it and move it from the staging repository to the rejected repository. |
| Users | Add user, Change user, Delete user, and View user | Manage user configuration and access in private automation hub. |
| Groups | Add group, Change group, Delete group, and View group | Manage group configuration and access in private automation hub. |
| Collection Remotes | Change collection remote and View collection remote | Configure or view configured remote repositories of Ansible Content Collections that can be synchronized to the private automation hub, under Collections → Repository Management. |
| Containers | Change container namespace permissions | Change permissions on the container repository. |
| Containers | Change containers | Change information on containers. |
| Containers | Change image tags | Modify image tags on containers. |
| Containers | Create new containers | Upload new containers. |
| Containers | Delete container repository | Delete a container repository. |
| Containers | Push to existing containers | Push an image to an existing container. |
| Remote Registries | Add remote registry, Change remote registry, and Delete remote registry | Add, change, or delete remote registries in private automation hub. |
| Task Management | Change task, Delete task, and View all tasks | Manage tasks under Task Management in private automation hub. |

Creating Users

The private automation hub installation process creates the default admin user. This user is assigned all permissions in the system.

You can create users in private automation hub and add them to groups. Use the following procedure to add a new user to private automation hub:

  1. Log in to your private automation hub using credentials for the admin user or as a user who has permission to manage users.

  2. Navigate to User Access → Users and then click Create.

  3. Enter a valid Username, First name, Last name, Email, and Password.

  4. Assign the user to a group by clicking the Groups field and selecting from the list of groups.

  5. Keep the User type as Not a super user.

  6. Click Save.

Figure 2.6: Creating a new user

Important

Super users are assigned all system permissions regardless of what groups they are in.

Creating Groups to Manage Content

You can create different groups in private automation hub and assign different permissions based on their role. For example, you can create one group for system administrators responsible for governing internal Ansible Content Collections, configuring user access, and repository management. You can create another group for content curators responsible for organizing and uploading internally developed content to private automation hub.

Suppose in your organization you need to create a new group in private automation hub to manage automation content. The group manages the internally developed Automation Content Collections and the automation execution environments in private automation hub.

Use the following procedure to add a new group to private automation hub and assign necessary permissions:

  1. Log in to private automation hub using credentials for the admin user.

  2. Navigate to User Access → Groups and then click Create.

  3. Enter app_team in the Name field and click Create to create the group.

  4. Click Edit.

  5. For Collection Namespaces permissions, select Add namespace, Change namespace, Delete namespace, and Upload to namespace.

  6. For Collections permission, select Modify Ansible repo content.

  7. For Containers permission, select Change containers, Change image tags, Create new containers, Delete container repository, Push to existing containers.

  8. Click Save.

Figure 2.7: Specific group permissions

Next, create a new user andrew as a member of the app_team group.

  1. Log in to your private automation hub using credentials for the admin user or as a user who has permission to manage users.

  2. Navigate to User Access → Users and then click Create.

  3. Enter andrew as the Username and redhat123 as the Password.

  4. Assign the user to group app_team by clicking in the Groups field and selecting from the list of groups.

  5. Keep the User type as Not a super user.

  6. Click Save.

Verify that user andrew can manage Ansible Content Collections.

  1. Log in to private automation hub as the user andrew.

  2. Navigate to Collections → Namespaces.

  3. Click Create.

  4. Enter a name for the namespace and select app_team as Namespace owners.

  5. Confirm that the user can upload Ansible Content Collections in the namespace.

Figure 2.8: Permission to upload collections

Verify that user andrew can manage automation execution environments.

  1. Log in to private automation hub as the user andrew.

  2. Navigate to Execution Environments → Execution Environments.

Figure 2.9: Permission to manage execution environment
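
The group-based model above can also be checked offline. The following is an added example, not part of the course material or of private automation hub: it resolves each user's effective permissions, including the rule that super users hold every permission regardless of group, and reports anything held beyond an approved baseline. The users olivia and sam, the operators group, and the baseline are constructed assumptions.

```python
# Permission names come from the table on this page; the groups, users and
# baseline below are constructed sample data, not an export from a real hub.
PERMISSIONS = {
    "Collection Namespaces": ["Add namespace", "Change namespace",
                              "Delete namespace", "Upload to namespace"],
    "Collections": ["Delete collections", "Modify Ansible repo content"],
    "Users": ["Add user", "Change user", "Delete user", "View user"],
    "Groups": ["Add group", "Change group", "Delete group", "View group"],
    "Collection Remotes": ["Change collection remote", "View collection remote"],
    "Containers": ["Change container namespace permissions", "Change containers",
                   "Change image tags", "Create new containers",
                   "Delete container repository", "Push to existing containers"],
    "Remote Registries": ["Add remote registry", "Change remote registry",
                          "Delete remote registry"],
    "Task Management": ["Change task", "Delete task", "View all tasks"],
}
ALL = {p for perms in PERMISSIONS.values() for p in perms}

def effective_permissions(user, groups):
    """Union of the user's group permissions; super users hold everything."""
    if user["superuser"]:
        return set(ALL)
    return set().union(*(groups[g] for g in user["groups"]))

def audit(users, groups, baseline):
    """Map each user to the sorted permissions held beyond the approved baseline."""
    report = {}
    for user in users:
        approved = set().union(*(baseline[g] for g in user["groups"]))
        excess = effective_permissions(user, groups) - approved
        if excess:
            report[user["name"]] = sorted(excess)
    return report

# app_team as configured in the procedure above (Containers minus the
# namespace-permissions entry, which the procedure does not select).
APP_TEAM = (set(PERMISSIONS["Collection Namespaces"])
            | {"Modify Ansible repo content"}
            | set(PERMISSIONS["Containers"][1:]))
BASELINE = {"app_team": APP_TEAM, "operators": {"View user"}}
GROUPS = {"app_team": APP_TEAM, "operators": {"View user", "Change user"}}  # drifted
USERS = [
    {"name": "andrew", "groups": ["app_team"], "superuser": False},
    {"name": "olivia", "groups": ["operators"], "superuser": False},  # constructed
    {"name": "sam", "groups": ["operators"], "superuser": True},      # constructed
]
REPORT = audit(USERS, GROUPS, BASELINE)
```

In this sample, andrew matches the baseline, olivia is reported for the extra permission on the operators group, and sam is reported for every permission outside the baseline because the super user flag overrides group membership.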

Private automation hub provides content creators a single source of truth to collaborate and publish their automation content within their organizations. To efficiently manage access to your automation content, you can create groups with the right permissions and add users into those groups. This approach is simple compared to assigning permissions to individual users.

Revision: do467-2.2-08877c1