Make controller specific team and org roles (#15445)

Adds the following managed Role Definitions Controller Team Admin Controller Team Member Controller Organization Admin Controller Organization Member These have the same permission set as the platform roles (without the Controller prefix) Adding members to teams and orgs via the legacy RBAC system will use these role definitions. Other changes: - Bump DAB to 2024.08.22 - Set ALLOW_LOCAL_ASSIGNING_JWT_ROLES to False in defaults.py. This setting prevents assignments to the platform roles (e.g. Team Member). Signed-off-by: Seth Foster <fosterbseth@gmail.com>
2026-02-20 20:50:06 -03:30 · 2024-08-22 15:41:54 -04:00
parent 78f345c486
commit 7ed0eee60c
8 changed files with 183 additions and 5 deletions
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -660,6 +660,9 @@ AWX_AUTO_DEPROVISION_INSTANCES = False
 # e.g. organizations, teams, and users
 ALLOW_LOCAL_RESOURCE_MANAGEMENT = True

+# If True, allow users to be assigned to roles that were created via JWT
+ALLOW_LOCAL_ASSIGNING_JWT_ROLES = False
+
 # Enable Pendo on the UI, possible values are 'off', 'anonymous', and 'detailed'
 # Note: This setting may be overridden by database settings.
 PENDO_TRACKING_STATE = "off"