Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Rudder plugin: API Authorizations

This project is part of Rudder - Continuous configuration for effective compliance

Rudder is an easy to use, web-driven, role-based solution for IT Infrastructure Automation & Compliance.

See: http://rudder-project.org for more information.


This plugin provides fine grained Access Control List on APIs. It also allows registered Rudder users to get private token with the same rights as their role allows.


You can log information about ACL (behavior and errors) by adding the following lines in your logback.xml file:

      API ACLs
      Information about ALC evalutation for APIs.

      This logger allows to get extra information about API
      ACLs resolution.

  <logger name="api-acl" level="off" />

API Authorizations

User personnal API Token

When you use api-authorizations plugin, any logged user can get a personnal API token by clicking on its login information:

User requesting a personnal API token

Once you click on the button, you get you personnal API token that can get revoked at any time:

Personnal API token information

The user can use that token to execute API requests for the same action that his role allows him to do:

Personnal API token information

These actions are recorded as done by the user owning the API token in Rudder events log:

Personnal API token information


The plugin also allows to configure fine grained access control for a token. By selecting "Custom ACL" access level, you can choose what endpoints are accessible for that API token.

For example, you can create an API token which can only access compliance information:

Create a new API token with "ACL" access level

And only authorize access to compliance endpoints

That token can of course access compliance related endpoints:

Token can access compliance information

But if it tries to access an other endpoint, it get an authorization error:

Token is not authorized to access directives information