Documentation

9. Teams

A Team is a subdivision of an organization with associated users, projects, credentials, and permissions. Teams provide a means to implement role-based access control schemes and delegate responsibilities across organizations. For instance, permissions may be granted to a whole Team rather than each user on the Team.

You can create as many Teams of users as make sense for your Organization. Each Team can be assigned permissions, just as with Users.

Teams can also scalably assign ownership for Credentials, preventing multiple Tower interface click-throughs to assign the same Credentials to the same user.

The Teams link, accessible by clicking on the Settings (settings) button and then selecting Teams, allows you to manage the teams for Tower. The team list may be sorted and searched by Name, Description, or Organization.

Buttons located in the upper right corner of the Team tab provide the following actions:

  • View Activity Stream
  • Create a new team

Teams - expand team setup link

9.1. Create a Team

To create a new Team:

  1. Click the add button.

    Teams - create new team

  2. Enter the appropriate details into the following fields:

  • Name
  • Description (optional)
  • Organization (Choose from an existing organization)
  1. Click Save.

Once the Team is successfully created, Tower opens the Details dialog, which also allows you to review and edit your Team information. This is the same menu that is opened if the Edit (edit-button) button is clicked from the Teams link. You can also review Users and Permissions associated with this Team.

Teams - example team successfully created

9.1.1. Teams - Users

This menu displays the list of Users that are members of this Team. This list may be searched by Username, First Name, or Last Name. For more information, refer to Users.

Teams - users list

9.1.1.1. Add a User

In order to add a user to a team, the user must already be created in Tower. Refer to Create a User to create a user. To add existing users to the Team:

  1. Click the add button.

  2. Select one or more users from the list of available users by clicking the checkbox next to the user(s). Doing so expands the lower part of the Wizard to assign roles to each user.

    Teams - add users for example team

  3. For each user, click from the drop-down menu to select one or more roles for that user.

Note

For help on what the roles mean, click the Key button. For more information, refer to the Roles section of this guide.

Teams - assign role for example users

In this example, two users have been selected and each have been granted certain roles within this team.

  1. Click the Save button when done.

9.1.2. Teams - Permissions

Selecting the Permissions view displays a list of the permissions that are currently available for this Team. The permissions list may be sorted and searched by Name, Inventory, Project or Permission type.

Teams - permissions list

The set of privileges assigned to Teams that provide the ability to read, modify, and administer projects, inventories, and other Tower elements are permissions.

By default, the Team is given the “read” permission (also called a role).

Permissions must be set explicitly via an Inventory, Project, Job Template, or within the Organization view.

9.1.2.1. Add Team Permissions

To add permissions to a Team:

  1. Click the add permissions button, which opens the Add Permissions Wizard.
Add Permissions Form
  1. Click to select the Tower object for which the user will have access:

    • Job Templates. This is the default tab displayed in the Add Permissions Wizard.
    • Workflow Templates
    • Projects
    • Inventories
    • Credentials

    Note

    You can assign different roles to different resources all at once to avoid having to click the add permissions button. To do so, simply go from one tab to another after making your selections without saving.

  2. Perform the following steps to assign the user specific roles for each type of resource:

    1. In the desired tab, click the checkbox beside the name of the resource to select it.

      The dialog expands to allow you to select the role for the resource you chose.

    2. Select the role from the drop-down menu list provided:

      • Admin allows read, run, and edit privileges (applicable to all Tower objects)
      • Execute allows read and run privileges (applicable to job templates and workflow templates)
      • Use allows use of the project in a job template (applicable to projects, inventories, and credentials)
      • Update allows updating of project, inventory, or group via the SCM Update (applicable to projects and inventories)
      • Ad Hoc allows running of ad hoc commands (applicable to inventories)
      Add Permissions - Job Template Form

      Tip

      Use the Key button to display the help text for each of the roles applicable to the resource selected.

    3. Review your role assignments for each of the Tower objects by clicking on their respective buttons in the expanded section 2 of the Add Permissions Wizard.

      Add Permissions - Sample Section 2
    4. Click Save when done, and the Add Permissions Wizard closes to display the updated profile for the user with the roles assigned for each selected resource.

      Edit User Form with Role Assignments

      To remove Permissions for a particular User, click the Disassociate (x-button) button under Actions. This launches a Remove Role dialog, asking you to confirm the disassociation.

Note

You can also add teams or individual users and assign them permissions at the object level (projects, inventories, job templates, and workflow templates) as well. Ansible Tower release 3.1 introduces the ability to batch assign permissions. This feature reduces the time for an organization to onboard many users at one time. For more details, refer to their respective chapters in the Ansible Tower User Guide v3.1.1.