awx Permission error on relaunch job_templates with Execute permissions

ISSUE TYPE

Bug Report

SUMMARY

A user has Execute permission on a job_template. This user is permitted to run a job_templates. This user is not permitted to relaunch this job_templates.

ENVIRONMENT

AWX version: 3.0.1
AWX install method: docker on linux
Ansible version: 2.7.7
Operating System: centos7
Web Browser: Chrome v63.0

STEPS TO REPRODUCE

Create a user with Execute permission on a job_template. Capture3

Run a template that failed relaunch this template Capture1

a popup is displayed

EXPECTED RESULTS

The job_template is supposed to be executed

ACTUAL RESULTS

Capture2

ADDITIONAL INFORMATION

May 03 '19 12:05 tota45

Who was the original job launched by, and is that different from the user relaunching the job? What prompts were provided when originally launching? Also, https://github.com/ansible/awx/pull/3783 may have changed this.

May 06 '19 19:05 AlanCoding

The user is an "ldap" user. It is the same user that launches the job then relaunch the job. I do not test yet with AWX 4.0

May 17 '19 10:05 tota45

Does the UI show that the original job was launched by this user? (API field created_by in the job entry)

If that field is wrong, then we would need to address that. It would also be helpful to know if the job template has a survey, and if so, what type of questions are used in the survey.

May 17 '19 12:05 AlanCoding

@tota45 Are you still seeing this issue?

Jul 12 '19 18:07 ghjm

I upgrade AWX to 6.0 and the bug has evolved. At now: 1- An 'execute permissions' user run a template that failed. This user re-run this template thanks to 'relaunch on' button => OK, no more issue 2 - An 'execute permissions' user run a workflow that failed. This user re-run the template that failed on the workflow=> KO permission popup appears

Yes the template has a survey.

Jul 17 '19 13:07 tota45

Were survey passwords provided by a different user for that survey run?

Sep 20 '19 19:09 wenottingham

2 - An 'execute permissions' user run a workflow that failed. This user re-run the template that failed on the workflow=> KO permission popup appears

Could you give us the response text from when this error was obtained? I'm not sure where to start looking right now.

Oct 10 '19 02:10 AlanCoding

I still see this issue, here are the steps to reproduce:

As the admin user create a job template that has a survey with an optional password field. Set the job template to run a playbook that will fail.
Create an user and set the execute permission to the previously created template.
As the user that has execute permission. Launch the job and it will fail.
Relaunch the job and select either all or failed, the relaunched job will fail.
Try to relaunch the failed relaunched job and the message ERROR! Job was launched with prompted fields. You do not have permission to related resources. will be presented. The user should be able to relaunch it since it was the user that launched it and also no secret field was provided on the survey.

Oct 24 '19 19:10 elyezer

I still see the issue as described by @elyezer with version AWX 13.0.0 (Ansible 2.9.11).

Dec 23 '20 09:12 netixx

Still an issue with AWX 24.6.1, including job/workflow templates that have no surveys but prompt for fields. In testing, I was able to circumvent the error by granting the team/user the 'execute' role for the organization.

Jan 03 '25 08:01 81Denton

I had a similar issue, it seems to have been due to the fact the playbook has started with the input variables set by the webhook, and the user was unable to retry that with the same error. after enabling prompt on launch for variables, they were able to retry the jobs, not sure if it will fix all your issues but its a starting point

Apr 14 '25 11:04 RBROL03385