Awx: RFE: Read RBAC role should be assignable through the UI

Also noteworthy, READ roles (permissions) was available through the UI in previous versions.

Yes, it was removed because for a large subset of resources, 'read' role is mostly useless, even if it exists in the model.

It may have a use solely for inventory and projects, and possibly job templates. I'm still curious the use case for assigning read-only access to individual items - what are they trying to enable for their users?

You are correct. There is a need solely for inventory, projects and job templates. Cross functional teams within large organizations hoping to collaborate without infringing on each others duties while complying to segregation of duties becomes very challenging. READ is a great way to share work without adding risk. And the auditor role does it at an Organization level, but there are times we do not want to share ALL objects within the org (eg. sometimes we might just want to grant READ only to just one Project).

@SpeedRacerrr I'm looking for this feature too. I work in operations team, and I need to give read-only permissions for job runs to some users (developers) to let them see the execution log of some migrations that they are running through a CI/CD workflow, and I don't want to give them execute permissions for obvious reasons. If there is a work arround to do this, let us know.

In the meantime, I'm trying to do something like this using bamboo and tower-cli.

Any update with this issue? Or if there is a workarround please tell. thanks! @wenottingham @matburt

This was fixed in a downstream branch and will be merged into AWX in the near future.

We've just released 1.0.7, which we believe resolves the underlying issue here. You can try it out here: https://github.com/ansible/awx/releases/tag/1.0.7

Let us know if you're still seeing this issue after installing the latest awx - thanks!