From ec210427ecc99558af94dd9e427dcb10d4a19c63 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 09:31:27 -0700
Subject: [PATCH] batcave: allow sysadmin to read rbac-playbook config

This should allow folks in the sysadmin group to read (but not write)
the rbac-playbook config. This should allow folks to more easily tell
who is granted rights to run some playbook.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/batcave/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml
index bdf78d20a1..68e3ddc8c0 100644
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@@ -430,7 +430,7 @@
 #
 
 - name: install the ansible_utils/rbac config
-  copy: src={{ private }}/files/rbac/rbac.yaml dest=/etc/ansible_utils/rbac.yaml mode=0500
+  copy: src={{ private }}/files/rbac/rbac.yaml dest=/etc/ansible_utils/rbac.yaml mode=0540 group=sysadmin
   tags:
   - rbac
   - batcave