What is the nature and description of the request?

Customer is looking at having the ability to remove credential rights for a super-user; or an secondary administrator account without the ability to manage credential rights.

Why does the customer need this? (List the business requirements here)

The platform will be utilized across the entire Defence Software Factories and having administrators who can also manage the platform (e.g., patching of host OS & AAP, deprovisioning user accounts, creation of teams, etc), is important. We're working to establish a Ansible "Central Kitchen" or CoE with one of the largest Defence software factories in the world.

How would you like to achieve this? (List the functional requirements here)

1. Having ability to manage the permission to manage/remove the credentials of another user for the secondary administrator.
2. Creation of a pre-baked role "Secondary Administrator"

List any affected known dependencies: Doc, UI etc..

• Unknown

Github Link if any

• Nil

Notes:
the custom role that you suggested isn't able to meet this requirement: * the ability to have granular control over administrator roles (eg sub-admins) to manage system administration yet doesn’t have ability to remove credentials is quite important.