4 Setting Up Permissions for Organizations, Teams, and Users
This chapter describes how Oracle Linux Automation Manager enables administrators to create organizations, teams, and users where permissions can be allocated at each level. These permissions are based on role-based access controls.
Each level has the following functions:
-
Organizations: Administrators can specify which organizations can run an Oracle Linux Automation Engine playbook on what inventory by associating an organization to a project and an inventory. An organization can specify multiple projects and inventories, but each project and inventory can specify only one organization.
-
Teams: A team belongs to one organization and a team can specify default permissions that apply to any user assigned to the team.
-
Users: A user can belong to one or more organizations or teams. Thus a user may have different permissions depending on which organization, team, and associated projects and inventory they are working with.
Table 4-1 Role-Based Access Control Role Descriptions
System Role Description Admin
Manages the entire system.
Executive
Runs assigned job templates.
Project Admin
Manages projects.
Inventory Admin
Manages inventory.
Credential Admin
Manages credentials.
Workflow Admin
Manages workflows.
Notification Admin
Manages notifications.
Job Template Admin
Manages job templates.
Auditor
Views the entire system.
Member
Indicates that a user is a member of a an organization or team.
Read
Views all aspects of a defined organization, team, inventory, project, or job template.
Setting Up Organizations
To setup an organization, do the following:
-
Log into Oracle Linux Automation Manager with an administrator user account.
-
Expand the navigation menu, and from the Access section, click Organization.
The Organizations page appears.
-
Click the Plus icon.
The New Organization page appears.
-
From the Name field, enter a name for your organization. For example, Organization 1.
-
Click Save.
-
Click the Users button.
-
Click the Plus icon.
The Add User's dialog appears.
-
Select the checkbox next to the user accounts you want to add to the organizations.
-
Click Save.
-
Click the Permissions button.
-
Click the Plus icon.
The Add Permissions dialog appears.
-
If you want to configure permissions for one or more users, click the Users button and select the checkbox beside the user accounts you want to configure.
A new section appears below where you can assign permissions to the user accounts you selected.
-
Click the Select Roles box and choose from one of the specified system roles.
-
If you want to configure permissions for one or more teams, click the Teams button and select the checkbox beside the team accounts you want to configure.
A new section appears below where you can assign permissions to the teams you selected.
-
Click the Select Roles box and choose from one of the specified system roles.
-
Click Save.
Setting Up Teams
To setup a team, do the following:
-
Log into Oracle Linux Automation Manager with an administrator user account.
-
Expand the navigation menu, and from the Access section, click Teams.
The Teams page appears.
-
Click the Plus icon.
The New Team page appears.
-
In the Name field, enter a name for your team. For example, Team 1.
-
From the Organization list, select an organization. For example, Organization 1.
-
Click Select.
-
Click Save.
-
Click the Users button.
-
Click the Plus icon.
The Add User's dialog appears.
-
Select the checkbox next to the user accounts you want to add to the team.
-
Click Select.
-
Click the Permissions button.
-
Click the Plus icon.
The Add Permissions dialog appears.
-
Click from the following options to select corresponding resources:
-
Job Templates
-
Projects
-
Inventories
-
Credentials
-
Organizations
-
-
As you select resources, you must then assign the resources to a role.
Note:
Each resource can have different roles that can be assigned.
-
Click Save.
Setting Up Users
To setup a user, do the following:
-
Log into Oracle Linux Automation Manager with an administrator user account.
-
Expand the navigation menu, and from the Access section, click Users.
The Users page appears.
-
Click the Plus icon.
The New User page appears.
-
From the Name field, enter a name for your user. For example, User 1.
-
From the Organization list, select an organization. For example, Organization 1.
-
Click Select.
-
In the Email field, enter a valid email address.
-
In the Username field, enter a user name.
-
In the Password field, enter a password.
-
In the Confirm Password field, reenter the password.
-
From the User Type, select one of the following user types:
-
Normal User: You can limit users read and write access to the resources (such as inventory, projects, and so on) based on roles and privileges.
-
System Auditor: You can limit users to read-only permissions for all objects within Oracle Linux Automation Manager.
-
System Administrator: You can allow full system administration privileges (full read and write) for all objects within Oracle Linux Automation Manager.
-
-
Click Save.
-
Click the Organizations button.
All organizations that the user is part of appear in the list. This is a read only page.
-
Click the Teams icon.
All teams that the user is part of appear in the list. This is a read-only page.
-
Click the Permissions button.
-
Click the Plus icon.
The Add Permissions dialog appears.
-
Click from the following buttons to select corresponding resources:
-
Job Templates
-
Projects
-
Inventories
-
Credentials
-
Organizations
-
-
As you select resources, you must then assign the resources to a role.
Note:
Each resource can have different roles that can be assigned.
-
Click Save.