Managing user access in Automation Hub

Red Hat Ansible Automation Platform 1.0

Configure Automation Hub to support your organization by creating groups for your users and providing them with the level of system access they require.

Red Hat Customer Content Services

Abstract


Preface

Configure user access in Automation Hub to provide the appropriate level of system permissions to groups in your organization.

Chapter 1. Configuring user access for your local Automation Hub

1.1. About user access

You can manage user access to content and features in Automation Hub by creating groups of users that have specific permissions.

1.1.1. How to implement user access

User access is based on managing permissions to system objects (users, groups, namespaces) rather than by assigning permissions individually to specific users.

You assign permissions to the groups you create. You can then assign users to these groups. This means that each user in a group has the permissions assigned to that group.

Groups created in Automation Hub can range from system administrators responsible for governing internal collections, configuring user access, and repository management to groups with access to organize and upload internally developed content to Automation Hub.

1.1.2. Default user access

When you install Automation hub, the default admin user is created in the Admin group. This group is assigned all permissions in the system.

1.1.3. Getting started

Log in to your local Automation Hub using credentials for the admin user configured during installation.

The following sections describe the workflows associated with organizing your users who will access Automation Hub and providing them with required permissions to reach their goals. See the permissions reference table for a full list and description of all permissions available.

1.2. Creating a new group

You can create and assign permissions to a group in Automation Hub that enables users to access specified features in the system. By default, there is an admins group in Automation Hub that has all permissions assigned and is available on initial login with credentials created when installing Automation Hub.

Prerequisites

  • You have groups permissions and can create and manage group configuration and access in Automation Hub. See Automation Hub permissions for information on system permissions.

Procedure

  1. Log in to your local Automation Hub.
  2. Navigate to menu:Groups.
  3. Click Create.
  4. Provide a Name and click Create.

You can now assign permissions and add users on the new group edit page.

1.3. Assigning permissions to groups

You can assign permissions to groups in Automation Hub that enable users to access specific features in the system. By default, new groups do not have any assigned permissions. You can add permissions upon initial group creation or edit an existing group to add or remove permissions

Prerequisites

  • You have Change group permissions and can edit group permissions in Automation Hub. See Automation Hub permissions for information on system permissions.

Procedure

  1. Log in to your local Automation Hub.
  2. Navigate to menu:Groups[].
  3. Click on a group name.
  4. Click Edit.
  5. Click in the field for the permission type and select permissions that appear in the list
  6. Click Save when finished assigning permissions.

The group can now access features in Automation Hub associated the their assigned permissions.

1.4. Creating a new user

You can create a user in Automation Hub and add them to groups that can access features in the system associated by the level of assigned permissions.

Prerequisites

  • You have user permissions and can create users in Automation Hub. See Automation Hub permissions for information on system permissions.

Procedure

  1. Log in to your local Automation Hub.
  2. Navigate to menu:Users.
  3. Click Create user.
  4. Provide information in each of the fields. Username and Password are required.
  5. [Optional] Assign the user to a group by clicking in the Groups field and selecting from the list of groups.
  6. Click Save.

The new user will now appear in the list on the Users page.

1.5. Adding users to groups

You can add users to groups when creating a group or manually add users to existing groups. This section describes how to add users to an existing group.

Prerequisites

  • You have groups permissions and can create and manage group configuration and access in Automation Hub. See Automation Hub permissions for information on system permissions.

Procedure

  1. Log in to Automation Hub
  2. Navigate to menu:Groups[] and click the Users tab.
  3. Click Add.
  4. Select users to add from the list and click Add.

You have now added the users you selected to the group. These users now have permissions to use Automation Hub assigned to the group.

1.6. Creating a new group for content curators

You can create a new group in Automation Hub designed to support content curation in your organization who will contribute internally developed collections for publication in Automation Hub.

In this section you will create a new group and assign the required permissions to help content developers create namespaces and upload their collections to Automation Hub.

Prerequisites

  • You have admin permissions in Automation Hub and create groups.

Procedure

  1. Log in to your local Automation Hub.
  2. Navigate to menu:Groups[] and click Create.
  3. Enter Content Engineering as a Name for the group in the modal and click Create. The new group is created and the Groups page will appear.
  4. On the Permissions tab, click Edit.
  5. Under Namespaces add permissions for Add Namespace, Upload to Namespace and Change Namespace.
  6. Click Save.

    The new group is created with the permissions you assigned. Next you can add users to the group.

  7. Click the Users tab on the Groups page.
  8. Click Add.
  9. Select users from the modal and click Add.

Conclusion

You now have a new group who can use Automation Hub to:

  • create a namespace,
  • edit the namespace details and resources page
  • upload internally developed collections to the namespace.

1.7. Automation Hub permissions

Permissions provide a defined set of actions each group performs on a given object. Determine the required level of access for your groups based on the following permissions:

Table 1.1. Permissions Reference Table

ObjectPermissionDescription

namespace

Add namespace

Upload to namespace

Change namespace

Groups with these permissions can create a namespace and upload collections to a namespace.

collections

Modify Ansible repo content

Groups with this permission can move content between repositories using the Approval feature. Certify or reject features to move content from the staging to published or rejected repositories.

user

View user

Delete user

Add user

Change user

Groups with these permissions can manage user configuration and access in Automation Hub.

groups

View group

Delete group

Add group

Change group

Groups with these permissions can manage group configuration and access in Automation Hub.

remotes

Change collection remote

View collection remote

Groups with these permissions can configure remote repository syncing from Community * or RH Certified sources under Repo Management.

Chapter 2. Conclusion

Following the procedure above, you can:

  • Create a group and add permissions to it;
  • Create users;
  • Add those users to your groups.

Legal Notice

Copyright © 2020 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.