Merge pull request #2185 from rlopez133/aap25_ch2.5_rbac

adding updates to rbac section 2.5

exercises/ansible_rhel/2.5-rbac/README.md

@@ -1,138 +1,103 @@
-# Workshop Exercise - Role-based access control
+# Workshop Exercise - Role-based Access Control (RBAC)
 
 **Read this in other languages**:
 <br>![uk](../../../images/uk.png) [English](README.md),  ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md), ![france](../../../images/fr.png) [Française](README.fr.md), ![Español](../../../images/col.png) [Español](README.es.md).
 
-## Table Contents
+## Table of Contents
 
 * [Objective](#objective)
 * [Guide](#guide)
-* [Ansible automation controller users](#ansible-automation-controller-users)
-* [Ansible automation controller teams](#ansible-automation-controller-teams)
-* [Granting permissions](#granting-permissions)
-* [Test permissions](#test-permissions)
+  * [Ansible Automation Controller Users](#ansible-automation-controller-users)
+  * [Ansible Automation Controller Teams](#ansible-automation-controller-teams)
+  * [Granting Permissions](#granting-permissions)
+  * [Testing Permissions](#test-permissions)
 
-## Objective
-
-You have already learned how Ansible automation controller separates credentials from users. Another advantage of Ansible automation controller is the user and group rights management.  This exercise demonstrates Role Based Access Control (RBAC)
-
-## Guide
-
-### Ansible automation controller users
-
-There are three types of automation controller users:
-
-* **Normal User**: Have read and write access limited to the inventory and projects for which that user has been granted the appropriate roles and privileges.
-
-* **System Auditor**: Auditors implicitly inherit the read-only capability for all objects within the automation controller environment.
-
-* **System Administrator**: Has admin, read, and write privileges over the entire automation controller installation.
-
-Let’s create a user:
-
-* In the automation controller menu under **Access** click **Users**
-
-* Click the **Add** button
-
-* Fill in the values for the new user:
+---
 
-<table>
-  <tr>
-    <th>Parameter</th>
-    <th>Value</th>
-  </tr>
-  <tr>
-    <td>Username</td>
-    <td>wweb</td>
-  </tr>
-  <tr>
-    <td>Email</td>
-    <td>wweb@example.com</td>
-  </tr>
-  <tr>
-    <td>Password</td>
-    <td>ansible</td>
-  </tr>
-  <tr>
-    <td>Confirm Password</td>
-    <td>ansible</td>
-  </tr>
-  <tr>
-    <td>First Name</td>
-    <td>Werner</td>
-  </tr>
-  <tr>
-    <td>Last Name</td>
-    <td>Web</td>
-  </tr>
-  <tr>
-    <td>Organization</td>
-    <td>Default</td>
-  </tr>
-  <tr>
-    <td>User Type</td>
-    <td>Normal User</td>
-  </tr>
-</table>
+## Objective
 
-* Click **Save**
+In this exercise, you'll explore how Ansible Automation Controller handles user and group management through Role-Based Access Control (RBAC). This ensures proper delegation of rights while keeping automation secure.
 
-### Ansible automation controller teams
+---
 
-A Team is a subdivision of an organization with associated users, projects, credentials, and permissions. Teams provide a means to implement role-based access control schemes and delegate responsibilities across organizations. For instance, permissions may be granted to a whole Team rather than each user on the Team.
+## Guide
 
-Create a Team:
+### Ansible Automation Controller Users
 
-* In the menu go to **Access → Teams**
+There are three types of users in Ansible Automation Controller:
 
-* Click the **Add** button and create a team named `Web Content` within the `Default` Organization.
+* **Normal User**: Has read and write access limited to assigned inventories and projects.
+* **Ansible Automation Platform Auditor**: Read-only access to all objects within the automation controller environment.
+* **Ansible Automation Platform Administrator**: Full admin privileges over the entire automation controller installation.
 
-* Click **Save**
+Let's create a user:
 
-Add a user to the team:
+1. Navigate to **Access Management -> Users**.
+2. Click the **Create user** button.
+3. Fill in the following values:
 
-* Click on the team `Web Content` and click the **Access** tab and click **Add**.
+   | Parameter       | Value           |
+   |-----------------|-----------------|
+   | Username        | wweb            |
+   | Password        | ansible         |
+   | Confirm Password| ansible         |
+   | First Name      | Werner          |
+   | Last Name       | Web             |
+   | Email           | wweb@example.com |
+   | Organization    | Default         |
+   | User Type       | Normal User     |
 
-* Within the **Select a Resource Type** window, click on the **Users** resource type and click **Next**.
+4. Click **Create user**.
 
-* Within the **Select Items from List**, select the checkbox next to the `wweb` user and click **Next**.
+![create user](images/create_user.png)
 
-* Within the **Select Roles to Apply**, select **Member** as the role to apply to the `wweb` user.
+---
 
-Click **Save**.
+### Ansible Automation Controller Teams
 
-Permissions allow to read, modify, and administer projects, inventories, and other automation controller elements. Permissions can be set for different resources.
+Teams are subdivisions of an organization that include users, projects, credentials, and permissions, helping to implement RBAC efficiently.
 
-### Granting permissions
+**Create a Team:**
 
-To allow users or teams to actually do something, you have to set permissions. The user **wweb** should only be allowed to modify content of the assigned webservers.
+1. Navigate to **Access Management -> Teams**.
+2. Click the **Create team** button and create a team named `Web Content` within the `Default` organization.
+3. Click **Create team**.
 
-Add the permission to use the `Create index.html` template:
+**Add a User to the Team:**
 
-* Within **Resources** -> **Templates**, select `Create index.html`. 
+1. Select the `Web Content` team.
+2. Go to the **Users** tab and click **Add users**.
+3. In the **Add users** window, choose **wweb**, then click **Add users**.
 
-* Select **Access** tab from the menu and click **Add**.
+![add user](images/add_user.png)
 
-* Within the **Select a Resource Type** window, click on the **Users** resource type and click **Next**.
+---
 
-* Within the **Select Items from List**, select the checkbox next to the `wweb` user and click **Next**.
+### Granting Permissions
 
-* Within the **Select Roles to Apply**, select **Read** and **Execute** as the roles to apply to the `wweb` user.
+To grant users the ability to execute tasks, permissions need to be set.
 
-* Click **Save**
+**Grant Permission to Use a Template:**
 
-### Test permissions
+1. Navigate to **Automation Execution -> Templates**.
+2. Select the template `Create index.html`.
+3. Click the **User Access** tab.
+4. Click **Add roles**.
+5. Select the `wweb` user and click **Next**.
+6. Choose the roles **JobTemplate Admin** and/or **JobTemplate Execute**, depending on the required level of access, click **Next**.
+7. Review the selections and click **Finish**.
 
-Now log out of automation controller’s web UI and in again as the **wweb** user.
+---
 
-* Go to the **Templates** view, you should notice for wweb only the `Create
-  index.html` template is listed. He is allowed to view and launch, but not to edit the Template (no Edit button available).
+### Testing Permissions
 
-* Run the Job Template by clicking the rocket icon. Enter the values for the survey questions and launch the job.
+Now, log out and log in again as the `wweb` user.
 
-* In the following **Jobs** view have a good look around, note that there where changes to the host (as expected).
+1. Navigate to **Templates**. You should only see the `Create index.html` template listed.
+2. Run the job by clicking the rocket icon. Enter the required values for the survey questions and launch the job.
+3. After completion, check the **Jobs** view for the expected changes.
 
-Check the result: execute `curl` again on the control host to pull the content of the webserver on `node1` (you could of course check `node2` and `node3`, too):
+To verify the result, use `curl` on the control host to check the webserver content on `node1`:
 
 ```bash
 #> curl http://node1