Description of problem:
Ansible variable override behaves differently with default Remote Execution User role when compared with the admin user

Version-Release number of selected component (if applicable):
Satellite 6.13

How reproducible:
100%

Steps to Reproduce:
1. Create a dummy ansible role and import into Satellite

   # cd /etc/ansible/roles
   # ansible-galaxy init demo
   # vi demo/defaults/main.yml
   ---
   message: 'Default Value'

   # vi demo/tasks/main.yml
   ---
   - name: Copy file
     copy:
       dest: /root/file.txt
       content: "{{ message }}" 

2. Over-ride the ansible variable for a hostname client.example.com to something else

    Configure > Variables > click on the "message" variable > click on "Override" checkbox > Add matcher > attribute type : FQDN = client.example.com and specify a over-ride value "Override Value"

3. Create a rexuser and associate it with the "Remote Execution User"

4. Now login with the "rexuser" and run the Ansible role, the message value should match with the over-ride, however the value is set to the default value.


Actual results:
Override behaves differently with default REX role and admin roles


Expected results:
Why these additional permissions are required when a matcher is set, if its required the default REX User role should be modified accordingly

Additional info:

When you add additional permission filter as below

  Ansible Role: "view_ansible_roles"
  Ansible Variable: "view_ansible_variable"
  Parameter: "view_params"

After adding this the variables are correctly over-ride as per matchers.