Chapter 2. Configuring user access for container repositories in private automation hub
Configure user access for container repositories in your private automation hub to provide permissions that determine who can access and manage images in your Ansible Automation Platform.
2.1. Prerequisites
- You can create groups and assign permissions in private automation hub.
2.2. Container registry group permissions
User access provides granular controls to how users can interact with containers managed in private automation hub. Use the following list of permissions to create groups with the right privileges for your container registries.
Table 2.1. List of group permissions used to manage containers in private automation hub
| Permission name | Description |
|---|---|
| Create new containers | Users can create new containers |
| Change container namespace permissions | Users can change permissions on the container repository |
| Change container | Users can change information on a container |
| Change image tags | Users can modify image tags |
| Pull private containers | Users can pull images from a private container |
| Push to existing container | Users can push an image to an existing container |
| View private containers | Users can view containers marked as private |
2.3. Creating a new group
You can create and assign permissions to a group in automation hub that enables users to access specified features in the system. By default, there is an admins group in automation hub that has all permissions assigned and is available on initial login with credentials created when installing automation hub.
Prerequisites
- You have groups permissions and can create and manage group configuration and access in automation hub.
Procedure
- Log in to your local automation hub.
- Navigate to User Access → Groups.
- Click Create.
- Provide a Name and click Create.
You can now assign permissions and add users on the group edit page.
2.4. Assigning permissions to groups
You can assign permissions to groups in automation hub that enable users to access specific features in the system. By default, new groups do not have any assigned permissions. You can add permissions upon initial group creation or edit an existing group to add or remove permissions
Prerequisites
- You have Change group permissions and can edit group permissions in automation hub.
Procedure
- Log in to your local automation hub.
- Navigate to User Access → Roles.
- Click Add roles.
- Click in the name field and fill in the role name.
- Click in the description field and fill in the description.
- Complete the Permissions section.
- Click in the field for each permission type and select permissions that appear in the list.
- Click Save when finished assigning permissions.
- Navigate to User Access → Groups.
- Click on a group name.
- Click on the Access tab.
- Click Add roles.
- Select the role created in step 8.
- Click Next to confirm the selected role.
- Click Add to complete adding the role.
The group can now access features in automation hub associated with their assigned permissions.
Additional resources
- See Container registry group permissions to learn more about specific permissions.
2.5. Adding users to groups
You can add users to groups when creating a group or manually add users to existing groups. This section describes how to add users to an existing group.
Prerequisites
- You have groups permissions and can create and manage group configuration and access in automation hub.
Procedure
- Log in to automation hub.
- Navigate to User Access → Groups.
- Click on a Group name.
- Navigate to the Users tab, then click Add.
- Select users to add from the list and click Add.
You have added the users you selected to the group. These users now have permissions to use automation hub assigned to the group.