ISSUE TYPE
SUMMARY
One of the Tower Security Best Practices (https://docs.ansible.com/ansible-tower/latest/html/administration/security_best_practices.html#id6) is to 'minimize local system access'. However, there is no way to actually control this. Org admins have control to create new local users with no password complexity requirements.
This feature request is to enable system admins to restrict the ability of Org Admins to create local users. This could be a global switch to turn on or off the ability to create local user accounts, or to restrict this feature to System Admins.
The use case is that we may have many Tower Orgs for different teams and areas in our Organisation. Our Organisation maintains strict User Access Control definitions, and local user accounts are prohibited. Due to the effort involved in maintaining RBAC across different teams, we hand the Tower Organisation RBAC to each Tower Org themselves, but currently are not able to restrict the creation of local user accounts.