Epic
Resolution: Unresolved
[RFE] Service Accounts | Grant New Service Account Same Permissions as "Creator"
To Do
As a creator of a Service Account (and not an Org Admin or User Access Admin), I want the option to grant the new Service Account the same permissions I currently have. This will allow the Service Account to immediately automate my existing tasks.
Problem:
New Service Accounts have no initial permissions. They aren't part of any groups by default. Currently, only Org Admins or User Access Admins can grant permissions by:
- Creating user groups.
- Creating roles.
- Linking roles to user groups.
- Adding service accounts to user groups.
This prevents users from easily automating tasks with Service Accounts.
Possible Solutions:
1. Add to Default Access Group
Provide an option to add the Service Account to the Default Access Group (or a custom default access group) during creation.
- Potential issue: This goes against the principle of least privilege. We'd need to discuss this with RH security teams.
2. Request access to Default Access Group
Include an option to request the Service Account be added to the Default Access Group (or custom default access group). This would start a workflow for an Org Admin to approve or deny.
Additional context: https://redhat-internal.slack.com/archives/C083SDCR760/p1747762861588479