I'm looking at the rbac configuration file and there seems to be mostly groups allowed to run playbook.
Should I just grant @asamalik this playbook or do we want to create a new sysadmin-docs group?

+1 for sysadmin-docs group and perhaps adding also @pbokoc ? Or at least someone else also in case... :)

I wanted to add @pbokoc but apparently he needs to be added to the sysadmin group first and seeing the number of emails that comes with this, I'd rather way for him to agree :)

Group has been created, rbac's configuration has been adjusted.

You should be all set!

I'm actually going to close this ticket, but as @kevin suggested, I encourage you to reach out to @pbokoc to see about adding him to the group so he can also run that playbook when needed.

It doesn't seem to work :(

[asamalik@batcave01 ~][PROD]$ sudo rbac-playbook openshift-apps/docsbuilding.yml
Password+Token: 
user asamalik is not authorized to run openshift-apps/docsbuilding.yml

It looks like your group membership had not been propagated.

I checked with groups asamalik which didn't show sysadmin-docs, so I ran fasClient: ansible batcave -m shell -a 'fasClient -if' and checking again with the groups asamalik command it shows the missing group.

Could you try again?

Thanks

Yep, now it run, and I've checked OpenShift and the result is there! Thanks!