Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
113 lines (99 sloc) 1.79 KB

Example RBAC roles

Allow all

{
    "version": "2017-05-05",
    "statement": [
        {
            "effect": "allow",
            "action": "*",
            "resource": "*"
        }
    ]
}

Allow UI login

{
    "version": "2017-05-05",
    "statement": [
        {
            "effect": "allow",
            "action": "view:user.login",
            "resource": "*"
        }
    ]
}

Deny credentials

{
    "version": "2017-05-05",
    "statement": [
        {
            "effect": "allow",
            "action": "*",
            "resource": "*"
        },
        {
            "effect": "deny",
            "action": "*:credentials",
            "resource": ["AKIAJ7Z8PGXEZTIJOL6IQ"]
        }
    ]
}

Deny list stacks

{
    "version": "2017-05-05",
    "statement": [
        {
            "effect": "allow",
            "action": "*",
            "resource": "*"
        },
        {
            "effect": "deny",
            "action": "view:alm.stack",
            "resource": "*"
        }
    ]
}

Deny list stacks by resource

{
    "version": "2017-05-05",
    "statement": [
        {
            "effect": "allow",
            "action": "*",
            "resource": "*"
        },
        {
            "effect": "deny",
            "action": "view:alm.stack",
            "resource": ["mo-590fdb7bad55s-tJZpgRCBs-tk", "mo-590fdb7bad55s-ugMgQQ1TE-tk"]
        }
    ]
}

Deny deleting stacks by resource

{
    "version": "2017-05-05",
    "statement": [
        {
            "effect": "allow",
            "action": "*",
            "resource": "*"
        },
        {
            "effect": "deny",
            "action": "delete:alm.stack",
            "resource": ["mo-590fdb7bad55s-tJZpgRCBs-tk"]
        }
    ]
}