Differences

This shows you the differences between two versions of the page.

--- wiki:rundeck_add_new_role_acl_policy [2022/10/28 13:59] – created antisa
+++ wiki:rundeck_add_new_role_acl_policy [2024/05/13 11:39] (current) – [Tested on] add version antisa
@@ Line 1: / Line 1: @@
-{{tag>rundeck}}
+{{tag>rundeck acl}}
 ====== Rundeck add new role ACL policy  ======
@@ Line 17: / Line 17: @@
       allow: 'read'
   adhoc:
-    - allow: 'read'
+    - deny: run
   job:
     - equals:
@@ Line 36: / Line 36: @@
     - match:
         name: 'Backend'
+      allow: 'read'
+  storage: # allow access to ssh key
+    - match:
+        path: 'keys/ssh_privkey'
       allow: 'read'
 by:
@@ Line 43: / Line 47: @@
 Now create new user that belongs to the editor group in rundeck's //realm.properties// file, e.g.
   newuser:password1234,editor
+===== Allow access to all jobs under Backend project =====
+In job section above, don't match on name, so that part would go like
+<code yaml>
+  ...
+  job:
+    - allow: [read,run,kill,killAs]
+  ...
+</code>
 ====== Tested on ======
-  * Rundeck 4.5.0 (docker container)
+  * Rundeck (docker container) 4.5.0, 4.16.0
 ====== See also ======
@@ Line 51: / Line 65: @@
 ====== References ======
+  * https://resources.rundeck.com/learning/acl-policy-files-by-example/
   * https://docs.rundeck.com/docs/administration/security/authorization.html#rundeck-resource-authorizations
+  * https://kcaps.medium.com/rundeck-key-storage-acl-grant-access-to-path-27da34345220