Hello
I’m using awx collection to manage our AWX platform.
I have an issue when an organisation admin wants to create a user with tower_user.
He received this error “You don’t have permission to POST to /api/v2/users/ (HTTP 403).” as he can’t specify the organisation. The API call is not done to the organisation level.
Is there a workaround for organisation admin to create user using awx collection ?
Regards
Mickael
Hi Mickael
Are you trying to create a user in another organisation that the admin user is not part of? That is not allowed, as it’s considered a security loophole (that’s why you can’t specify an org)
Phil.
Hi
Here a simple tasks of what I am trying to do :
I received this error :
TASK [Add tower user] ******************************************************************************************************************************
fatal: [localhost]: FAILED! => {“changed”: false, “msg”: “You don’t have permission to POST to /api/v2/users/ (HTTP 403).”}
The user test is not system administrator but he is organisation admin of a test organisation.
The module tower_user doesn’t got any organisation parameter. It does an API call to /api/v2/users/ , this API create a user not member to any organisation.
I would like our organisation admin to use awx.tower_user instead of the GUI but it seems not possible.
Any idea ?
Regards
Mickael
I can’t get environment to behave properly, this maybe a bug or design omission for the module.
Use a config file as per the module documentation and it’ll work.
Yes, it works as the admin user:
TASK [Add tower user] ******************************************************************************************************************************
changed: [localhost]
So I’m assuming the org admin role doesn’t have permissions to hit the API endpoint, only admin.