Ansible Automation Platform RFEs / AAPRFE-2291

RFE: Granular RBAC for Event-Driven Ansible Resources


      • What is the nature and description of the request?

      Currently, within Ansible Automation Platform (AAP) 2.5, the delegation of roles for Event-Driven Ansible (EDA) resources, such as projects, rulebooks, event streams, and credentials, is limited to the broad "Admin" or "Use" permissions.

      This request is to introduce more granular, organization-scoped administrative roles for EDA resources, mirroring the detailed Role-Based Access Control (RBAC) capabilities already available for Automation Controller resources. This would allow more precise and secure delegation of administrative responsibilities specific to EDA content and operations.

      • Why does the customer need this? (List the business requirements here)

       

      The need for more granular RBAC in EDA stems from several critical business requirements:

      • Enhanced Security and Compliance: Organizations must adhere to the principle of least privilege, which dictates that users should have only the minimum access necessary to perform their job functions. The current broad "Admin" role for all EDA resources leads to over-provisioning of access, creating potential security exposure and making it difficult to meet compliance standards that require fine-grained access control and auditing.

      • Improved Delegation of Responsibilities: In large enterprise environments with multiple teams, business units, or departments, different groups are typically responsible for managing their own automation content. For example, a network team might manage specific EDA projects and rulebooks for network events, while a security team manages those for security alerts. Without granular roles, a central platform administrator must either manage all EDA content directly or grant excessive permissions, hindering self-service and decentralized operations. Granting specific administrative roles to team leads or designated administrators within each organization would empower them to manage their own EDA resources.

      • How would you like to achieve this? (List the functional requirements here)

      To address the business requirements, the following functional changes are requested:

      • Definition of Granular EDA Roles: Introduce new, distinct role types within the AAP RBAC system for EDA resources. These roles should include, but not be limited to:

        • Event-Driven Ansible Project Administrator: ability to create, read, update, and delete EDA projects within a specified organization.
        • Event-Driven Ansible Rulebook Administrator: ability to manage rulebooks, including their creation, editing, and deletion, within specific EDA projects or organizations.
        • Event-Driven Ansible Event Stream Administrator: ability to manage event streams, including their creation, modification, and deletion, within a specified organization.
        • Etc.

      • Organization-Scoped Assignment: These newly defined EDA roles must be assignable to teams and individual users and scoped to specific organizations. This means an "Organization Administrator" should be able to grant these granular EDA roles to users or teams within their own organization, without needing "Superuser" or platform-wide administrative privileges.
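      The organization-scoped model requested above, as an added illustration (this is not code from Ansible Automation Platform or from this RFE): a toy RBAC evaluator in Python that uses the requested role names, shows that a granular role resolves to one resource type within one organization, enforces that an Organization Administrator can delegate only inside their own organization, and compares the result against the broad pre-RFE "Admin" role. The user, organization and resource names, the "platform-superuser" principal, and the "EDA Admin" label for the current broad role are all constructed for the example.

```python
"""Toy model of organization-scoped, per-resource-type RBAC for EDA resources.
Added illustration for this RFE, not Ansible Automation Platform code: role
names follow the RFE; users, organizations and resource names are constructed."""
from __future__ import annotations

from dataclasses import dataclass

CRUD = frozenset({"create", "read", "update", "delete"})

# role name -> {resource kind: allowed actions}. "EDA Admin" stands in for the
# pre-RFE broad role spanning every EDA resource type; the granular roles each
# cover a single type. "Organization Administrator" carries no resource
# permissions here and only confers delegation rights (see Rbac.grant).
ROLE_DEFINITIONS = {
    "EDA Admin": {k: CRUD for k in ("project", "rulebook", "event_stream", "credential")},
    "EDA Project Administrator": {"project": CRUD},
    "EDA Rulebook Administrator": {"rulebook": CRUD},
    "EDA Event Stream Administrator": {"event_stream": CRUD},
    "Organization Administrator": {},
}
SUPERUSER = "platform-superuser"  # constructed name for the platform-wide admin


@dataclass(frozen=True)
class Assignment:
    principal: str     # user or team
    role: str          # key into ROLE_DEFINITIONS
    organization: str  # the assignment is valid only for resources in this org


@dataclass(frozen=True)
class Resource:
    kind: str          # "project", "rulebook", "event_stream" or "credential"
    name: str
    organization: str


class Rbac:
    def __init__(self) -> None:
        self.assignments: set[Assignment] = set()

    def is_org_admin(self, principal: str, organization: str) -> bool:
        return Assignment(principal, "Organization Administrator", organization) in self.assignments

    def grant(self, grantor: str, assignment: Assignment) -> None:
        """Only the superuser or an Organization Administrator of the *target*
        organization may add an assignment scoped to that organization."""
        if assignment.role not in ROLE_DEFINITIONS:
            raise ValueError(f"unknown role {assignment.role!r}")
        if grantor != SUPERUSER and not self.is_org_admin(grantor, assignment.organization):
            raise PermissionError(f"{grantor!r} may not grant roles in {assignment.organization!r}")
        self.assignments.add(assignment)

    def is_allowed(self, principal: str, action: str, resource: Resource) -> bool:
        """The principal needs an assignment scoped to the resource's organization
        whose role covers both the resource kind and the action."""
        for a in self.assignments:
            if a.principal != principal or a.organization != resource.organization:
                continue
            if action in ROLE_DEFINITIONS[a.role].get(resource.kind, frozenset()):
                return True
        return False

    def effective_permissions(self, principal: str, organization: str) -> set[tuple[str, str]]:
        """All (kind, action) pairs held in one organization: what an audit compares with duties."""
        perms = set()
        for a in self.assignments:
            if a.principal == principal and a.organization == organization:
                for kind, actions in ROLE_DEFINITIONS[a.role].items():
                    perms.update((kind, act) for act in actions)
        return perms


def build_example() -> Rbac:
    """Constructed scenario: 'alice' administers the 'network' organization and
    delegates rulebook management to 'bob'; 'carol' holds the broad pre-RFE role."""
    rbac = Rbac()
    rbac.grant(SUPERUSER, Assignment("alice", "Organization Administrator", "network"))
    rbac.grant("alice", Assignment("bob", "EDA Rulebook Administrator", "network"))
    rbac.grant(SUPERUSER, Assignment("carol", "EDA Admin", "network"))
    return rbac


if __name__ == "__main__":
    rbac = build_example()
    print("bob, update network rulebook:",
          rbac.is_allowed("bob", "update", Resource("rulebook", "bgp-flap", "network")))
    print("bob, delete network project:",
          rbac.is_allowed("bob", "delete", Resource("project", "net-automation", "network")))
    print("bob, update security rulebook:",
          rbac.is_allowed("bob", "update", Resource("rulebook", "siem-alerts", "security")))
    print("carol (broad role), permissions in network:", len(rbac.effective_permissions("carol", "network")))
    try:  # alice administers only 'network', so this cross-org grant must be refused
        rbac.grant("alice", Assignment("dave", "EDA Project Administrator", "security"))
    except PermissionError as exc:
        print("refused:", exc)
```

      The two checks to note are the organization comparison in is_allowed (a role held in "network" says nothing about "security") and the grantor check in grant (delegation is bounded by the grantor's own organization, so no superuser is needed for day-to-day role assignment). The effective_permissions output is the over-provisioning measurement: the rulebook administrator holds 4 permissions in the organization, the broad role holds 16.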
      • List any affected known dependencies: Doc, UI etc.

      Docs, UI, API and CasC Collections for EDA

       

      • Github Link if any

      N/A

              dmendoza@redhat.com Dafne Mendoza
              rhn-support-dleroux Daniel Leroux