{{tag>rundeck acl}}
====== Rundeck add new role ACL policy ======
Log in to Rundeck, go to //Settings > Access control > Create ACL policy// and paste the ACL configuration. Here is an example for an "editor" role that has access to the Backend project and can run the "Sync" job:
<code yaml>
description: Editor
context:
  project: 'Backend'
for:
  resource:
    - equals:
        kind: event
      allow: 'read'
    - equals:
        kind: node
      allow: 'read'
  adhoc:
    - deny: run
  job:
    - equals:
        name: 'Sync'
      allow: [read,run,kill,killAs]
  node:
    - allow: [read,run,kill,killAs]
by:
  group: editor
---
description: Allow editors to actually see the above jobs
context:
  application: 'rundeck'
for:
  project:
    - match:
        name: 'Backend'
      allow: 'read'
  storage: # allow access to ssh key
    - match:
        path: 'keys/ssh_privkey'
      allow: 'read'
by:
  group: editor
</code>
Now create a new user that belongs to the editor group in Rundeck's //realm.properties// file, e.g.
<code>
newuser:password1234,editor
</code>
===== Allow access to all jobs under Backend project =====
In the job section above, do not match on name, so that part becomes:
<code yaml>
...
  job:
    - allow: [read,run,kill,killAs]
...
</code>
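The difference between the name-matched job rule and the matcher-less one can be checked with a small model of rule evaluation (explicit deny wins, anything not allowed is rejected). This is an added example, not Rundeck's code and not part of the original page: the project-context policy is re-typed as a Python dict (constructed), ''match'' is assumed to compare the whole value, and the names ''decide'' and ''all_jobs_variant'' are hypothetical.

```python
import re

# Constructed: the project-context "Editor" policy from this page, re-typed as a dict.
POLICY = {
    "context": {"project": "Backend"},
    "by": {"group": "editor"},
    "for": {
        "resource": [{"equals": {"kind": "event"}, "allow": "read"},
                     {"equals": {"kind": "node"}, "allow": "read"}],
        "adhoc": [{"deny": "run"}],
        "job": [{"equals": {"name": "Sync"}, "allow": ["read", "run", "kill", "killAs"]}],
        "node": [{"allow": ["read", "run", "kill", "killAs"]}],
    },
}

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _rule_matches(rule, attrs):
    """A rule with no equals/match matcher applies to every resource of its type."""
    for key, want in rule.get("equals", {}).items():
        if attrs.get(key) != want:
            return False
    for key, pattern in rule.get("match", {}).items():
        if not re.fullmatch(pattern, attrs.get(key, "")):  # assumption: whole-value match
            return False
    return True

def decide(policy, group, rtype, attrs, action):
    """Return 'allow', 'deny' (explicit deny) or 'reject' (nothing granted it)."""
    if group not in _as_list(policy["by"].get("group")):
        return "reject"
    allowed = False
    for rule in policy["for"].get(rtype, []):
        if not _rule_matches(rule, attrs):
            continue
        if action in _as_list(rule.get("deny")):
            return "deny"  # an explicit deny overrides any allow
        allowed = allowed or action in _as_list(rule.get("allow"))
    return "allow" if allowed else "reject"

def all_jobs_variant(policy):
    """Copy of the policy with the matcher-less job rule from this section."""
    open_rule = [{"allow": ["read", "run", "kill", "killAs"]}]
    return {**policy, "for": {**policy["for"], "job": open_rule}}
```

With the original policy an editor can run only "Sync"; with the variant every current and future job in Backend becomes runnable, while the ad-hoc deny still holds.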
====== Tested on ======
* Rundeck (docker container) 4.5.0, 4.16.0
====== References ======
* https://resources.rundeck.com/learning/acl-policy-files-by-example/
* https://docs.rundeck.com/docs/administration/security/authorization.html#rundeck-resource-authorizations
* https://kcaps.medium.com/rundeck-key-storage-acl-grant-access-to-path-27da34345220