Chapter 3. User access for Automation Services Catalog

When configuring Automation Services Catalog for your organization, consider the scope of your user environments, how those users are grouped, and the roles to assign. You can manage this workflow through User Access.

Automation Services Catalog features and workflows are governed by groups that have specific roles attached to them. The Organization Administrator role performs the initial creation of groups, assigns roles, and adds users.

Groups

Groups are user-defined and flexible to include many users and have multiple roles. Create new groups based on your organization’s requirements for working with Automation Services Catalog.

Roles

Roles provide a defined set of actions each group performs. Determine the required level of access for your users based on the following roles Automation Services Catalog uses:

Table 3.1. Role Reference Table

 RoleDescription

Administration

Organization Administrator

  • Manage user access for Catalog and Approval
  • Add platform sources to Catalog

Approval

Approval Administrator

  • Create and assign users to approval groups
  • Create and configure approval processes
  • Approval or deny requests
  • Monitor existing requests

Approval Approver

  • Approve or deny requests
  • Monitor existing requests

Approval User

  • Request a product
  • Monitor existing requests

Catalog

Catalog Administrator

  • Create / Edit order processes
  • Set an order process to a product or portfolios
  • Delete order processes

Catalog User

  • Request a product
  • Monitor existing requests
Note

By default, all users will have Catalog User and Approval User roles assigned to them.

Important

Due of potential security implications, limit the number of users in cloud.redhat.com with Organization Administrator privileges.

3.1. Creating administrator groups

The Organization Administrator can create new groups of administrators and users in Automation Services Catalog. Catalog and Approval administrators are required to perform initial workflows in configuring Automation Services Catalog. In this section, we will create groups for both Catalog and Approval administrators.

3.1.1. Creating a Catalog Administrator group

The Catalog Administrator is a role that grants create, read, update and order permissions. This role is used in creating and managing processes associated with portfolios and products.

To create a Catalog Administrator group:

  1. Navigate to SettingsUser Access.
  2. Click Create group.
  3. Enter group name and set the description.
  4. Click Next.
  5. In the Add members modal, check each user to add to the group. Click Next when finished.
  6. Check Catalog Administrator on the Assign roles modal.
  7. Review details for the new group and click Confirm.

We have created a group of Catalog Administrators and will now create a group of Approval administrators.

3.1.2. Creating an Approval Administrator group

The Approval Administrator is a role that grants create, read, update and order permissions. This role is used in creating and managing processes associated with portfolios and products.

To create an Approval Administrator group:

  1. Navigate to SettingsUser Access.
  2. Click Create group.
  3. Enter group name and set the description.
  4. Click Next.
  5. In the Add members modal, check each user to add to the group. Click Next when finished.
  6. Check Approval Administrator on the Assign roles modal.
  7. Review details for the new group and click Confirm.

The new group of Approval Administrators has been created. Approval Administrators can create new approval processes to set to platforms, portfolios, and products.

3.1.3. Creating Approval Approver Groups

The Approval Approver is a role that grants create and read permissions to users who will approve or deny requests generated when a Automation Services Catalog user orders a product.

To create an Approval Approver group:

  1. Navigate to SettingsUser Access.
  2. Click Create group.
  3. Enter group name and set the description.
  4. Click Next.
  5. In the Add members modal, check each user to add to the group. Click Next when finished.
  6. Check Approval Approvers on the Assign roles modal.
  7. Review details for the new group and click Confirm.

The new group of Approval Approvers has been created..

3.1.4. Adding new users to existing Groups

The Catalog Administrator can add new users to existing groups. Once added, users will have the level of permissions associated with that group.

You can add users to a group in the Groups view in User Access.

  1. Navigate to SettingsUser Access.
  2. Click Groups.
  3. Select a group from the list.
  4. Click Members and then click Add Member.
  5. Check those users that appear in the modal that you wish to add to the group.
  6. Click Add to group.

A message will appear notifying you if the member was added successfully.