mirror of https://github.com/ansible/awx.git synced 2024-10-30 22:21:13 +03:00
awx/docs/rbac.md
Wayne Witzel III 4450781662 Update rbac.md
Fixing typo
2016-02-10 17:11:24 -05:00

1.4 KiB

Role-Based Access Control (RBAC)

This document describes the RBAC implementation of the Ansible Tower Software. The intended audience of this document is the Ansible Tower developer.

Overview

The RBAC system allows you to create and layer roles for controlling access to resources. Any django.Model can be made into a Resource in the RBAC system by using the ResourceMixin. Once a model is accessible as a resource, you can extend the model definition with specific roles using the ImplicitRoleField. This role field lets you configure the name of a role, any parents the role may have, and the permissions that holding the role grants on the resource.

Roles

Roles are defined for a resource. If a role has any parents, these parents will be considered when determining which roles are checked when accessing a resource.

ResourceA
 |-- AdminRole

ResourceB
 |-- AdminRole
       |-- parent = ResourceA.AdminRole

When a user attempts to access ResourceB, we will check for their access using the set of all unique roles, including the parents.

set: ResourceA.AdminRole, ResourceB.AdminRole

This would provide anyone with the ResourceA.AdminRole or ResourceB.AdminRole access to ResourceB.
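The lookup described above can be modelled in plain Python. This is an added illustration, not AWX code: Role, roles_granting_access, can_access and role_names are hypothetical names, and the users "alice" and "bob" are constructed sample data. It goes slightly beyond the two-role diagram by walking parents of parents and by tolerating a cycle in the parent graph.

```python
# Added illustration only: a plain-Python model of the parent-role lookup,
# not AWX code. All names below are hypothetical.
from dataclasses import dataclass, field


@dataclass(eq=False)  # identity-based hashing so roles can be stored in sets
class Role:
    name: str
    parents: list = field(default_factory=list)
    members: set = field(default_factory=set)


def roles_granting_access(resource_roles):
    """Return the resource's own roles plus every ancestor role, each once."""
    seen = set()
    stack = list(resource_roles)
    while stack:
        role = stack.pop()
        if role in seen:  # shared parent or a cycle: do not revisit
            continue
        seen.add(role)
        stack.extend(role.parents)
    return seen


def can_access(user, resource_roles):
    """A user has access if they hold any role in the expanded set."""
    return any(user in r.members for r in roles_granting_access(resource_roles))


def role_names(resource_roles):
    """Sorted names of the expanded role set, for display and comparison."""
    return sorted(r.name for r in roles_granting_access(resource_roles))


# Constructed sample data mirroring the ResourceA / ResourceB diagram.
a_admin = Role("ResourceA.AdminRole", members={"alice"})
b_admin = Role("ResourceB.AdminRole", parents=[a_admin], members={"bob"})
resource_a_roles = [a_admin]
resource_b_roles = [b_admin]

if __name__ == "__main__":
    print(role_names(resource_b_roles))
    print("alice -> ResourceB:", can_access("alice", resource_b_roles))
    print("bob   -> ResourceA:", can_access("bob", resource_a_roles))
```

Access flows from parent to child only: holding ResourceB.AdminRole grants nothing on ResourceA, because ResourceA.AdminRole has no parents to expand.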

Models

Role

RoleHierarchy

Resource

RolePermission

Fields

ImplicitRoleField

ImplicitResourceField

Mixins

ResourceMixin

Usage