Interesting, had not noticed that limitation (didn't know you could assign a role to super-admin at all!). Personally I don't know a UI-driven way.
Looks like it was vaguely discussed as part of https://github.com/gocd/gocd/issues/3712 but I cannot see that possibility to map that within the Role Management page, nor a specific open issue/feature request for that. I believe there were a number of aspects of more granular auth for global entities <https://github.com/gocd/gocd/issues/7222> that wasn't necessarily completed, but I think this work was intended to reduce the need for super-admins in general. Keep in mind this work was mainly happening in H2 2019 and Thoughtworks announced closure of studios for end 2020 on Nov 18 2019. I believe the focus went to open sourcing pieces in H1 2020 so this possibly never got to its full vision :-). Having said that, from your other post it appears you are on a very old GoCD version so I am not sure if what you are seeing is the same as what I am seeing now. In any case, you may wish to update to (or play with a trial of) a later version to see if a sufficient number of global entities can be directly delegated to roles such that the super-admin permissions are much less necessary than earlier, and perhaps less necessary to map to roles frequently. I believe it at least supports environments/cluster profiles/elastic profiles/pipeline groups. -Chad On Sat, Jun 1, 2024 at 4:22 AM Jason Smyth <jsm...@taqauto.com> wrote: > Hi everyone, > > We are looking to improve our GoCD permissions management by using more > role-based permissions. > > > The role-based security documentation > <https://docs.gocd.org/19.8.0/configuration/dev_authorization.html#role-based-security> > states > that it is possible to add a role to the server's security node admin list > and that all users of the role will inherit admin permissions. > > We tested this and it seems to work as described, however I am unable to > find a mechanism for managing this within GoCD. I was only able to get it > working by manually editing the cruise-config.xml file. > > Am I missing something, or is this really the only way to manage > role-based administrative access to GoCD? > > Thanks in advance, > Jason > > -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to go-cd+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/go-cd/15df8afb-fa71-4d37-aa5d-a1d01939cb5cn%40googlegroups.com > <https://groups.google.com/d/msgid/go-cd/15df8afb-fa71-4d37-aa5d-a1d01939cb5cn%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CAA1RwH-oabmFNK2aPWEE8hr2dXmnoX_oX6HBHsBsX1O%2BKXPeOw%40mail.gmail.com.
