Uploaded image for project: 'Ansible Automation Platform RFEs'
  1. Ansible Automation Platform RFEs
  2. AAPRFE-1338

Add ability to show/hide what a user can see in AAP based on Role

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 2.4
    • controller
    • False
    • Hide

      None

      Show
      None
    • False

      1. What is the nature and description of the request?

      Today, the RBAC settings provides a user with the ability to perform actions based on the roles provided to them. For example, the Execute role for a Job Template allows the user to launch the job templates they have been provided access to.

      However, they can still see content in AAP that isn't relevant to their role. For example, they can see the Views, Resources, Access, and Administration menus, which may contain information unrelated to the Job Template Executor's role. 

      We want to be able to hide Entire navigation menus (ex: Views) or to remove individual categories (ex: Inventories, Credentials, etc) from the navigation menus so that Roles or Users cannot see certain content.

      2. Why does the customer need this? (List the business requirements here)

      A person who is performing a task in AAP may get distracted/confused by all of the available menus they can see, but not do anything with.

      This would prevent someone from being able to click the "relaunch" button from the Jobs list.

      3. How would you like to achieve this? (List the functional requirements here)

      Implement the ability to show/hide content based on a role, but also allow it to be overridden on a per-person basis. 

      For example, Today, a Job Template Read/Write/Admin has the ability to see the following:

       

      Views > Dashboard, Jobs, Schedules, Activity Stream, Workflow Approvals
Resources > Templates, Credentials, Projects, Inventories, Hosts
Access > Organizations, Users, Teams
Administration > Credential Types, Instance Groups, Applications, Execution Environments

       

      In the future, the Job Template Read/Write/Admin role may provide access to the following content by default:

       

      Views > Dashboard, Jobs, Schedules
Resources > Templates
And nothing else

      However, I could redefine this to 

       

      Views > Dashboard
Resources > Templates
And nothing else

      These would stack, so a user with both the Job Template role and Credential Role would see the following by default:

       

      Views > Dashboard, Jobs, Schedules
Resources > Templates, Credentials
And nothing else

       

       

       

              bcoursen@redhat.com Brian Coursen
              jbird@redhat.com Jeffrey Bird
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: