Permissions to read all objects in organization (no admin) and launch jobs

Juan_A_S · May 31, 2019, 11:15am

Hi

We are developing an application that connects to AWX to launch jobs using the API and a token. Before launching the job, the app checks for some data in Ansible: the host exists, the credentials exists, etc. We have tried with read, member and execute permissions for the user on the organization, but the user, using the API, can’t see any host or credential, only job templates. Giving the user admin permissions, can see all, but also managing them, but we don’t need the user to manage objects, only to see them to check their existence. What would be the correct permissions to achieve this?

Regards.

matburt · May 31, 2019, 6:05pm

GIve them org admin permissions and generate the token with only “read” scope. Or give them system auditor permissions… a system auditor can see all things but can’t write.

Juan_A_S · June 4, 2019, 10:10am

With member, read, auditor and execute permissions on the organization, and the token having write access, the user still can’t launch jobs (“You don’t have permissions to perform this action”).

Any idea?

matburt · June 4, 2019, 12:04pm

https://www.ansible.com/blog/security-and-delegation-with-ansible-tower-part-1

Topic		Replies	Views
how to add group into AWX inventory while having users permission ? AWX Project awx	6	0	August 2, 2018
Job Template Permissions Project Discussions awx , dev	3	335	October 5, 2023
job history listing permissions AWX Project awx	1	0	November 11, 2022
About permissions AWX Project azure	4	1	November 7, 2019
AWX RBAC permissions only on job template execution AWX Project awx	1	5	May 28, 2019

Permissions to read all objects in organization (no admin) and launch jobs

Related topics