Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New ACL for job writers #5078 #5176

Merged
merged 1 commit into from Aug 26, 2019

Conversation

@jtobard
Copy link
Contributor

jtobard commented Aug 21, 2019

New ACL scm_import and scm_export allow users to use SCM actions using without having the import or export rule (permissions used in exporting and importing project files).

Example of job writer able to export and import using scm but not export and import project files:

description: Global write permissions to job_writer role
context:
  project: '.*'
for:
  resource:
  - equals:
      kind: 'node'
    allow: [read,refresh]
  - equals:
      kind: job
    allow: [create, delete]
  - equals:
      kind: event
    allow: [read]
  job:
  - allow: [create,read,update,delete,run,kill,scm_update, scm_create, scm_delete, admin]
    match:
      name: '.*'
  node:
  - allow: [read, run, refresh]
    match:
      nodename: '.*'
  project:
    - match:
        name: '.*'
      allow: [read]
  system:
    - match:
        name: '.*'
      allow: [read]
by:
  group: job_writer
---
by:
  group: job_writer
description: Job Writer
for:
  resource:
  - allow:
    - admin
    equals:
      kind: job
  project:
    - allow: [read,view,scm_import, scm_export]
  storage:
    - allow: [read]
context:
  application: rundeck

This is the job writer view, without project admin but with the icons of SCM actions:
job_writer_view

…ort allow users to scm actions using without having the import or export permission, used to work with project files
@jtobard

This comment has been minimized.

Copy link
Contributor Author

jtobard commented Aug 21, 2019

Documentation: rundeck/docs-vuepress#8

@jtobard jtobard requested a review from ltamaster Aug 21, 2019
Copy link
Contributor

ltamaster left a comment

LGTM

@ltamaster ltamaster merged commit 71de6ee into master Aug 26, 2019
21 checks passed
21 checks passed
Mergeable Mergeable Run has been Completed!
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
security/snyk - build.gradle (rundeck) No manifest changes detected
security/snyk - core/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/copyfile-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/flow-control-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/git-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/jasypt-encryption-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/job-state-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/localexec-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/orchestrator-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/script-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/source-refresh-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/stub-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/upvar-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - rundeck-storage/build.gradle (rundeck) No manifest changes detected
security/snyk - rundeckapp/build.gradle (rundeck) No manifest changes detected
security/snyk - rundeckapp/grails-spa/package.json (rundeck) No manifest changes detected
security/snyk - rundeckapp/metricsweb/build.gradle (rundeck) No manifest changes detected
@ltamaster ltamaster deleted the issue/5078 branch Aug 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.