Standard user account used for initiating builds / rollouts using Ansible

Hi

I have a general question please with regards to what account I should use as the * standard * user for initiating Ansible deployments / rollouts.

I know that the use of the term * standard * could be a little tricky, but in general, when starting a new environment at a new site what account should I use as the “Ansible deployment account”.

I have experienced one environment just using the root user, and then connecting at the root user on the remote servers.
I have also experienced people just using their own accounts and adding them to a group called ansible that owns all of the deployment files.

I was thinking of just using the account ansible on the local Ansible server, which then connects to remote ansible users on the remote servers.
Then doing a sudo to root if required - which it will in most cases I guess.

Using the root user seems wrong and using individual accounts does not seem very tidy.

Do others use a special ansible account for deployments?

Just looking for thoughts to confirm if I am doing the right thing.
It’s lonely being the person setting things up and making the standards.

p.s. Nice product.

The account usage is normally a constraint of your security
requirements, using a common account might be tidy but obscures
auditability. It is much easier to manage a single user's permissions
than multiple users, shared passwords or sudo w/o a password can also
be an issue. A case can be made for each type of setup.

yes, *standard* in this context is mostly the absence of one.

Thanks for the reply Brian