Table of Contents

,

Rundeck add new role ACL policy

Log in to rundeck and go to Settings > Access control > Create ACL policy and paste the ACL configuration. Here is an example for “editor” role user having access to Backend project and being able to run “Sync” job:

description: Editor
context:
  project: 'Backend'
for:
  resource:
    - equals:
        kind: event
      allow: 'read'
    - equals:
        kind: node
      allow: 'read'
  adhoc:
    - deny: run
  job:
    - equals:
        name: 'Sync'
      allow: [read,run,kill,killAs]
  node:
    - allow: [read,run,kill,killAs]
by:
  group: editor
 
---

description: Allow editors to actually see the above jobs
context:
  application: 'rundeck'
for:
  project:
    - match:
        name: 'Backend'
      allow: 'read'
  storage: # allow access to ssh key
    - match:
        path: 'keys/ssh_privkey'
      allow: 'read'
by:
  group: editor

Now create new user that belongs to the editor group in rundeck's realm.properties file, e.g.

newuser:password1234,editor

Allow access to all jobs under Backend project

In job section above, don't match on name, so that part would go like

  ...
  job:
    - allow: [read,run,kill,killAs]
  ...

Tested on

See also

References