Assign an organization to instance groups to help manage permissions

[AlanCoding]

Please confirm the following

• [X] I agree to follow this project's code of conduct.
• [X] I have checked the current issues for duplicates.
• [X] I understand that AWX is open source software provided for free and that I might not receive a timely response.

Feature type

New Feature

Feature Summary

Followup from https://github.com/ansible/awx/issues/4292 where roles were added to instance groups. Right now these roles only inherit permissions from system admin and system auditor.

Taken from comments in that issue - this issue proposes to add an organization field onto the InstanceGroup model so that the instance group roles can automatically inherit from organization roles, including admin_role, auditor_role, and optionally a new instance_group_admin role.

Select the relevant components

• [ ] UI
• [X] API
• [ ] Docs
• [ ] Collection
• [ ] CLI
• [ ] Other

Steps to reproduce

N/A

Current results

Right now instance group permissions can only be delegated by adding roles directly to users or teams.

Sugested feature result

Assigning the organization field on instance groups will cause the instance group roles to inherit from org roles

• admin_role will inherit from organization admin_role
• read_role will inherit from organization auditor_role

Additional information

No response

[youtous]

+1, until implemented I've created a workaround script https://github.com/youtous/awx-ig-org-sync