Uploaded image for project: 'Hybrid Cloud Console'
  1. Hybrid Cloud Console
  2. RHCLOUD-40174

[RFE] Service Accounts | Grant New Service Account Same Permissions as "Creator"

XMLWordPrintable

    • [RFE] Service Accounts | Grant New Service Account Same Permissions as "Creator"
    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False
    • Unset
    • To Do

      As a creator of a Service Account (and not an Org Admin or User Access Admin), I want the option to grant the new Service Account the same permissions I currently have. This will allow the Service Account to immediately automate my existing tasks.

       


      Problem:

      New Service Accounts have no initial permissions. They aren't part of any groups by default. Currently, only Org Admins or User Access Admins can grant permissions by:

      • Creating user groups.
      • Creating roles.
      • Linking roles to user groups.
      • Adding service accounts to user groups.

      This prevents users from easily automating tasks with Service Accounts.

      Possible Solutions:

      1. Add to Default Access Group

      Provide an option to add the Service Account to the Default Access Group (or a custom default access group) during creation.

      • Potential issue: This goes against the principle of least privilege. We'd need to discuss this with RH security teams.

      2. Request access to Default Access Group

      Include an option to request the Service Account be added to the Default Access Group (or custom default access group). This would start a workflow for an Org Admin to approve or deny.

       

      Additional context: https://redhat-internal.slack.com/archives/C083SDCR760/p1747762861588479 

              Unassigned Unassigned
              rhn-support-rabbott Ryan Abbott
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: