Ansible permissions

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:2分

    • Ansible Config Provider, Ansible Catalog and operations permissions.

    表 : 1. Ansible Day 0, Day 1 and Day 2 permissions
    Permission type Description
    Ansible Config Provider Discovery on Day 0
    1. Configure Ansible credentials reference link: https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html
    2. Creating Ansible tower users: https://docs.ansible.com/ansible-tower/3.2.5/html/userguide/users.html
    3. Roles/permissions can be granted to Ansible tower users per project/ inventory/ job template/credentials as required. For more details: https://docs.ansible.com/ansible-tower/latest/html/userguide/users.html#users-permissions
    4. CAPI uses basic authentication token based mechanism which uses the Ansible tower user's credentials. OAuth tokens based on basic authentication credentials are generated.
    5. Projects that contain the GitHub credentials of the playbook (this is where .yml files exist) is configured manually on Ansible. For more information: https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#source-control
    6. Uses Ansible credentials for Discovery of Inventory, projects, cfg installable– job templates (fetching playbooks and its extra variables) using CAPI.
    Ansible Catalog provision/ de-provision on Day 1 Uses Ansible tower user credentials and service account credentials of Amazon Web Services/ Azure given in the Ansible job template.
    Ansible tag:GetResources for discovery
    Uses 
     tag:GetResources
    permission to discover AWS resources provisioned through Ansible pipeline.
    Ansible Day 2 operations Uses Ansible tower user credentials, service account credentials of Amazon Web Services/ Azure and private ssh key pair or windows user name/password, to connect to the particular cloud resource provisioned.