AWX RBAC permissions only on job template execution

I am looking into RBAC on AWX. My idea is to have multiple teams such as lower and higher level operators and administrators.

My intention was to only use the GUI for job template execution, logging consumption and auditing, and to have objects provisioned to AWX programmatically. I am considering having a data model containing AWX objects that includes a tag on each object that would associate the appropriate team to a role/permission.

To make my life simpler, I was thinking to give the same “use” permission to all users on all objects, with the exception of job templates, which would have differentiated permissions depending on the infrastructure and type of job template. Only tagging the job templates seemed easier to implement, and given that no user of the GUI would have the rights to compose a job template, this seemed a reasonable combination of ease and security.

Does this approach make sense?

Best regards

Rod Oliver

I am also doing something similar. Following this thread for better suggestions and feedback.
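The scheme described in the first post, sketched as an added example (not code from either poster or from the AWX project): a planner that turns a tagged data model into role grants and reports untagged job templates instead of granting them to anyone. The team names, object names, the `teams` tag key and the `SHARED_TYPES` list are constructed assumptions; applying the plan to AWX is left out.

```python
# Added example: plan AWX role grants from a tagged data model.
# Assumption: these are the object types that get the shared "use" role.
SHARED_TYPES = ("inventory", "project", "credential")

# Constructed sample data model; "teams" is the per-object tag from the post.
MODEL = {
    "teams": ["ops-l1", "ops-l2", "admins"],
    "objects": [
        {"type": "inventory", "name": "prod-hosts"},
        {"type": "project", "name": "playbooks"},
        {"type": "credential", "name": "prod-ssh"},
        {"type": "job_template", "name": "restart-service", "teams": ["ops-l1", "ops-l2"]},
        {"type": "job_template", "name": "patch-prod", "teams": ["ops-l2"]},
        {"type": "job_template", "name": "rotate-keys"},  # untagged on purpose
    ],
}

def plan_grants(model):
    """Return (grants, problems); each grant is (team, role, type, name)."""
    known = set(model["teams"])
    grants, problems = [], []
    for obj in model["objects"]:
        if obj["type"] in SHARED_TYPES:
            # Same "use" role for every team on every shared object.
            grants += [(t, "use", obj["type"], obj["name"]) for t in sorted(known)]
        elif obj["type"] == "job_template":
            tagged = obj.get("teams", [])
            if not tagged:
                # Fail closed: an untagged template is granted to nobody.
                problems.append(f"{obj['name']}: no team tag, nobody may execute")
            for t in tagged:
                if t in known:
                    grants.append((t, "execute", obj["type"], obj["name"]))
                else:
                    problems.append(f"{obj['name']}: unknown team {t!r}")
        else:
            problems.append(f"{obj['name']}: unhandled type {obj['type']!r}")
    return grants, problems

def can_execute(grants, team):
    """Job templates a team may launch under the plan, for audit review."""
    return sorted(n for t, r, _, n in grants if t == team and r == "execute")

if __name__ == "__main__":
    grants, problems = plan_grants(MODEL)
    for team in MODEL["teams"]:
        print(team, "->", can_execute(grants, team))
    for p in problems:
        print("REVIEW:", p)
```
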