Add Inventory Admin role

awx/main/access.py

@@ -641,9 +641,9 @@ class InventoryAccess(BaseAccess):
     def can_add(self, data):
         # If no data is specified, just checking for generic add permission?
         if not data:
-            return Organization.accessible_objects(self.user, 'admin_role').exists()
+            return Organization.accessible_objects(self.user, 'inventory_admin_role').exists()
 
-        return self.check_related('organization', Organization, data)
+        return self.check_related('organization', Organization, data, role_field='inventory_admin_role')
 
     @check_superuser
     def can_change(self, obj, data):

awx/main/models/inventory.py

@@ -132,7 +132,7 @@ class Inventory(CommonModelNameNotUnique, ResourceMixin):
         blank=True,
     )
     admin_role = ImplicitRoleField(
-        parent_role='organization.admin_role',
+        parent_role='organization.inventory_admin_role',
     )
     update_role = ImplicitRoleField(
         parent_role='admin_role',

awx/main/models/rbac.py

@@ -38,6 +38,7 @@ role_names = {
     'adhoc_role'           : _('Ad Hoc'),
     'admin_role'           : _('Admin'),
     'project_admin_role'   : _('Project Admin'),
+    'inventory_admin_role' : _('Inventory Admin'),
     'auditor_role'         : _('Auditor'),
     'execute_role'         : _('Execute'),
     'member_role'          : _('Member'),
@@ -52,6 +53,7 @@ role_descriptions = {
     'adhoc_role'           : _('May run ad hoc commands on an inventory'),
     'admin_role'           : _('Can manage all aspects of the %s'),
     'project_admin_role'   : _('Can manage all projects of the %s'),
+    'inventory_admin_role' : _('Can manage all inventories of the %s'),
     'auditor_role'         : _('Can view all settings for the %s'),
     'execute_role'         : _('May run the %s'),
     'member_role'          : _('User is a member of the %s'),