Problem:
I defined a job which is executed from foreman on the remote host.
It works as expected, however, I would like to additionally hide or don’t let user to change anything in “Advanced fields”.
By default user can change for instance SSH user, password, concurrency level and so on.
Is it possible to block it and make all these fields read-only for an user who is added to the certain user group and role?
Foreman and Proxy versions:
3.13
No, there is no setting, filter (affecting the role and permission) or option on the job template to do so. Only option you can turn not overrideable is the effective user on the Job template.
Just curious about the reasoning. Did this already happen or do you only want to be extra save? In most environments I did only see admins which know what they do use jobs or at least those that would not keeping hands of something like advanced fields. I do not say this would be of no use, but it simply did not come up yet for me.
Hey, Thanks for replying.
Yes I would like to be extra safe, because some tasks will be executed by level 1 support team, which are not admins and they don’t have foreman expertise.
I don’t know if they can do any harm though by using Advanced fields?
Most would only make the job fail. Using a different effective user could cause some problems with permissions after the job was executed or for the job run itself. Concurrency could overload Foreman, a Smart proxy or other resources, but I have the feeling this is unlikely.
With first level support I would expect them to keep fingers away from those fields. When I have given user training for these people, they tended to be happy with adjusting as less as possible and simply execute things as told or better documented.
Thanks, it ends this discussion 