AWX RBAC: A Step-by-Step Guide to Setting Up Role-Based Access Control

Umidbek Kobilov
aKumoSolutions-DevOps
Feb 12, 2024

Setting Up RBAC in AWX: A Quick How-To Guide

INTRO:

AWX, an open-source web application, offers user interfaces (UI), a REST API, and a task engine for Ansible. Sponsored by Red Hat, it’s a community project empowering users to efficiently manage Ansible projects in IT environments. AWX serves as the foundation for Red Hat’s Ansible Tower.

Prerequisites:

  • AWS Server
  • Admin Access to Server

Best Practices:

  • Enforce the Principle of Least Privilege

In AWX, users can be categorized into three distinct types.

  • Normal User: Normal Users have read and write access limited to the resources (such as inventory, projects, and job templates) for which that user has been granted the appropriate roles and privileges.
  • System Auditor: Auditors implicitly inherit the read-only capability for all objects within the Tower environment.
  • System Administrator: A Tower System Administrator (also known as Superuser) has full system administration privileges for Tower — with full read and write privileges over the entire Tower installation. A System Administrator is typically responsible for managing all aspects of the Tower and delegating responsibilities for day-to-day work to various Users. Assign with caution!

Step 1: User Permissions

  1. Start by navigating to the AWX GUI (Graphical User Interface).
  2. Once there, locate the “Users” section within the “Access” category.
  3. Click on the “Add” button to proceed.
  4. Fill in the required information as prompted.
  5. In the “User Type” field, select one of the following options:
     • Normal User
     • System Auditor
     • System Administrator
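
To check the result of this step against the least-privilege practice above, the following added example (not part of the original article or of AWX itself) classifies accounts into the three user types and flags System Administrators that are not on an approved list. It assumes user records shaped like the results of the AWX REST API's `/api/v2/users/` endpoint, with its `is_superuser` and `is_system_auditor` flags; the sample data, usernames and allowlist are constructed.

```python
"""Audit AWX user types against an approved-administrator allowlist."""

# Constructed sample shaped like one page of GET /api/v2/users/ results.
SAMPLE_PAGE = {
    "count": 4,
    "next": None,
    "previous": None,
    "results": [
        {"id": 1, "username": "admin", "is_superuser": True, "is_system_auditor": False},
        {"id": 2, "username": "alice", "is_superuser": False, "is_system_auditor": False},
        {"id": 3, "username": "sec-audit", "is_superuser": False, "is_system_auditor": True},
        {"id": 4, "username": "bob", "is_superuser": True, "is_system_auditor": False},
    ],
}

APPROVED_ADMINS = {"admin"}  # hypothetical allowlist kept by the platform owner


def user_type(user):
    """Map the API flags to the three user types shown in the AWX UI."""
    if user.get("is_superuser"):
        return "System Administrator"  # superuser wins if both flags are set
    if user.get("is_system_auditor"):
        return "System Auditor"
    return "Normal User"


def audit_users(page, approved_admins):
    """Return (count per user type, sorted usernames of unapproved admins)."""
    counts = {"Normal User": 0, "System Auditor": 0, "System Administrator": 0}
    unapproved = []
    for user in page.get("results", []):
        kind = user_type(user)
        counts[kind] += 1
        if kind == "System Administrator" and user["username"] not in approved_admins:
            unapproved.append(user["username"])
    return counts, sorted(unapproved)


if __name__ == "__main__":
    counts, unapproved = audit_users(SAMPLE_PAGE, APPROVED_ADMINS)
    for kind, n in counts.items():
        print(f"{kind}: {n}")
    for name in unapproved:
        print(f"REVIEW: {name} is a System Administrator but not on the allowlist")
```
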

Step 2: Team Permissions

  1. Navigate to the “Access” category within the AWX GUI.
  2. Select the “Teams” section.
  3. Click on the “Add” button to create a new team.
  4. Provide the necessary information for the new team as prompted.

  5. After creating the team, locate your team in the “Teams” section.
  6. Click on your team to access its settings.
  7. Navigate to the “Roles” tab within the team settings.
  8. Click on the “Add” button to assign new roles to your team.
  9. Once you’re in the “Roles” section within your team settings, you can grant access to various resources such as “Job Templates”, “Workflow Job Templates”, “Credentials”, and more. Select the appropriate options based on your team’s requirements to configure their access accordingly.
     NOTE: You can see the selected resource types.
  10. Choose the appropriate roles to apply to the resource based on your team’s needs.
  11. Feel free to add your users to your team according to your preferences in the “Access” part of your team's settings.

Step 3: Organization Permissions

What are Organizations?

An Organization is a logical collection of Users, Teams, Projects, and Inventories. It is the highest level in the Tower object hierarchy.

To establish a new organization, navigate to the “Access” category, proceed to “Organizations,” and select “Add.”

Once the organization has been created, access the organization settings, navigate to the “Access” section, and proceed to add the desired resources.

Conclusion:

AWX RBAC (Role-Based Access Control) efficiently manages user permissions in a company. It aligns roles with users’ responsibilities and access needs, ensuring resource protection and smooth collaboration. AWX RBAC simplifies security, tasks, and compliance, creating a structured and secure environment for enterprise operations.

Sources:

https://ansible.readthedocs.io/projects/awx/en/latest/
