Created
July 19, 2017 01:53
/etc/rundeck/rundeckusers.aclpolicy
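# Project-context policy: the context regex '.*' matches every project name,
# so the rules below apply inside all projects for the rundeckusers group.
# NOTE(review): the description says "Admin", but the subject in `by:` is the
# rundeckusers group - confirm every member is meant to hold these rights.
description: Admin project level access control. Applies to resources within a specific project.
context:
  project: '.*' # all projects
for:
  # Generic resource kinds, selected by exact `kind` value.
  resource:
    - equals:
        kind: job
      allow: [create] # allow create jobs
    - equals:
        kind: node
      allow: [read,create,update,refresh] # allow refresh node sources
    - equals:
        kind: event
      allow: [read,create] # allow read/create events
  adhoc:
    # Ad-hoc execution rule with no match/equals filter. The list also
    # contains runAs and killAs (act under another user's name), which the
    # inline comment does not mention.
    - allow: [read,run,runAs,kill,killAs] # allow running/killing adhoc jobs
  job:
    # No match/equals filter, so this applies to every job in every project,
    # including delete, runAs and killAs.
    # NOTE(review): narrow with a `match:` on job group/name if members should
    # only manage their own jobs.
    - allow: [create,read,update,delete,run,runAs,kill,killAs] # allow create/read/write/delete/run/kill of all jobs
  node:
    # No filter: read/run is granted on every node. Combined with the adhoc
    # rule above, members can execute commands on all nodes of all projects.
    - allow: [read,run] # allow read/run for nodes
by:
  group: [rundeckusers]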
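---
# Application-context policy: governs Rundeck-wide objects (projects, system
# info, user profiles, key storage) for the rundeckusers group.
# NOTE(review): the description says "Admin", but the subject in `by:` is the
# rundeckusers group - confirm every member is meant to hold these rights.
description: Admin Application level access control, applies to creating/deleting projects, admin of user profiles, viewing projects and reading system information.
context:
  application: 'rundeck'
for:
  # Generic resource kinds, selected by exact `kind` value.
  resource:
    - equals:
        kind: project
      allow: [create] # allow create of projects
    - equals:
        kind: system
      allow: [read] # allow read of system info
    - equals:
        kind: user
      allow: [admin] # allow modify user profiles
  project:
    # name '.*' matches every project; the list includes configure and delete.
    - match:
        name: '.*'
      allow: [read,import,export,configure,delete] # allow full access of all projects or use 'admin'
  storage:
    # The inline comment mentions /ssh-key/*, but this rule has no `match:`
    # on `path`, so as written it is not limited to that prefix: read, create,
    # update and delete apply to all storage content.
    # NOTE(review): add a `match:` on `path` if only one subtree is intended,
    # and drop read/delete where members only need to upload keys.
    - allow: [read,create,update,delete] # allow access for /ssh-key/* storage content
by:
  group: [rundeckusers]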