User Tools

Site Tools


wiki:rundeck_add_new_role_acl_policy

Rundeck add new role ACL policy

Log in to rundeck and go to Settings > Access control > Create ACL policy and paste the ACL configuration. Here is an example for “editor” role user having access to Backend project and being able to run “Sync” job:

description: Editor
context:
  project: 'Backend'
for:
  resource:
    - equals:
        kind: event
      allow: 'read'
    - equals:
        kind: node
      allow: 'read'
  adhoc:
    - deny: run
  job:
    - equals:
        name: 'Sync'
      allow: [read,run,kill,killAs]
  node:
    - allow: [read,run,kill,killAs]
by:
  group: editor
 
---

description: Allow editors to actually see the above jobs
context:
  application: 'rundeck'
for:
  project:
    - match:
        name: 'Backend'
      allow: 'read'
  storage: # allow access to ssh key
    - match:
        path: 'keys/ssh_privkey'
      allow: 'read'
by:
  group: editor

Now create new user that belongs to the editor group in rundeck's realm.properties file, e.g.

newuser:password1234,editor

Allow access to all jobs under Backend project

In job section above, don't match on name, so that part would go like

  ...
  job:
    - allow: [read,run,kill,killAs]
  ...

Tested on

  • Rundeck (docker container) 4.5.0, 4.16.0

See also

References

wiki/rundeck_add_new_role_acl_policy.txt · Last modified: 2024/05/13 11:39 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki