There are a lot of jobs, but I will focus on the ones we are working on; these are the 3 we are having issues with. It seems this user is being blocked by the first ACL for some of the jobs but not for others.
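# Project-scope policy for AD_Group_RundeckUsers, applied to every project.
# Every rule below grants `read` only: a user whose access comes from this
# policy alone can view jobs, nodes and events but cannot create, run or
# kill anything.
# NOTE(review): Rundeck is understood to combine the rules of all matching
# policies rather than stopping at the first one - confirm for your version
# before concluding that this policy "stops" a user.
description: '.* project level access control'
context:
  project: '.*'  # regex: matches all projects
for:
  resource:
    - equals:
        kind: job
      allow: [read]  # read only; job create/delete are NOT granted
    - equals:
        kind: node
      allow: [read]  # read only; node-source refresh is NOT granted
    - equals:
        kind: event
      allow: [read]  # read only; event create is NOT granted
  adhoc:
    # NOTE(review): disable_executions is normally a system-kind action in
    # the application context; confirm it has any effect on adhoc here. As
    # written, no adhoc read/run/kill is granted.
    - allow: [disable_executions]
  job:
    - allow: [read]  # read only; no create/update/delete/run/kill
  node:
    - allow: [read]  # read only; running on nodes is NOT granted
by:
  group: AD_Group_RundeckUsers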
---
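# Application-scope policy for AD_Group_RundeckUsers: system info plus
# visibility of every project.
description: API Application level access control
context:
  application: 'rundeck'
for:
  resource:
    - equals:
        kind: system
      # Grants more than read-only system info: enable_executions is also
      # allowed. Drop it if this group should be strictly read-only.
      allow: [read, enable_executions]
  project:
    - match:
        name: '.*'  # regex: all project names
      allow: [read]  # view projects only; no configure/admin
by:
  group: AD_Group_RundeckUsers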
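---
# Separator above added in review: the listing ran this policy straight on
# from the previous one; two policies in one stream need `---` between them.
#
# Project-scope policy for G_Group2, limited to the project matched by
# 'Group' (not all projects).
description: Group project level access control
context:
  project: 'Group'  # matches the project named Group only
for:
  resource:
    - equals:
        kind: job
      allow: [read]  # read only; job create/delete are NOT granted
    - equals:
        kind: node
      allow: [read, refresh]  # read nodes and refresh node sources
    - equals:
        kind: event
      allow: [read, create]  # read and create events
  adhoc:
    # NOTE(review): disable_executions is normally a system-kind action in
    # the application context; confirm it has any effect on adhoc here. As
    # written, no adhoc read/run/kill is granted.
    - allow: [disable_executions]
  job:
    - allow: [read, run, kill]  # view, run and kill; no create/update/delete
  node:
    - allow: [read, run]  # read nodes and run on them
by:
  group: G_Group2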
---
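# Application-scope policy for G_Group2: system info plus visibility of a
# single project.
description: API Application level access control
context:
  application: 'rundeck'
for:
  resource:
    - equals:
        kind: system
      # Grants more than read-only system info: enable_executions is also
      # allowed. Drop it if this group should be strictly read-only.
      allow: [read, enable_executions]
  project:
    - match:
        # NOTE(review): only 'Project2' is made visible, while the
        # project-scope policy for G_Group2 in this listing targets
        # 'Group'. Unless the names were anonymised differently, the
        # group can see a project it has no job rules for, and has job
        # rules for a project it cannot view.
        name: 'Project2'
      allow: [read]  # view this project only, not all projects
by:
  group: G_Group2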
---
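# Key-storage policy for G_Group2 (application scope).
description: Group_key
by:
  group: G_Group2
for:
  storage:
    - match:
        path: 'keys/PDI/.*'  # regex: every entry under keys/PDI/
      allow: [read]  # read access to all keys in that subtree
    - equals:
        path: 'keys/PDI/svc_group_passwd'
      # Full control of this one secret: members can overwrite or delete
      # it. Confirm write access is intended for the whole group.
      allow: [read, create, update, delete]
context:
  application: rundeck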
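---
# Separator above added in review: the listing ran this policy straight on
# from the previous one; two policies in one stream need `---` between them.
#
# Project-scope policy for AD_Group.
description: project level access control
context:
  # NOTE(review): the value is an empty string, not '.*'. If it is not a
  # redaction, an empty pattern is unlikely to match any project name, so
  # none of the rules below would ever apply - verify.
  project: ''
for:
  resource:
    - equals:
        kind: job
      allow: [read]  # read only; job create/delete are NOT granted
    - equals:
        kind: node
      allow: [read, refresh]  # read nodes and refresh node sources
    - equals:
        kind: event
      allow: [read, create]  # read and create events
  adhoc:
    # NOTE(review): disable_executions is normally a system-kind action in
    # the application context; confirm it has any effect on adhoc here. As
    # written, no adhoc read/run/kill is granted.
    - allow: [disable_executions]
  job:
    - allow: [read, run, kill]  # view, run and kill; no create/update/delete
  node:
    - allow: [read, run]  # read nodes and run on them
by:
  group: AD_Group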
---
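# Application-scope policy for AD_Group: system info plus visibility of a
# single project.
description: API Application level access control
context:
  application: 'rundeck'
for:
  resource:
    - equals:
        kind: system
      # Grants more than read-only system info: enable_executions is also
      # allowed. Drop it if this group should be strictly read-only.
      allow: [read, enable_executions]
  project:
    - match:
        # NOTE(review): only 'MDM' is made visible, but the project-scope
        # policies for AD_Group in this listing target '' and 'DBA'.
        # Unless the names were anonymised differently, no job/node rule
        # shown here applies inside MDM.
        name: 'MDM'
      allow: [read]  # view this project only, not all projects
by:
  group: AD_Group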
---
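# Project-scope policy for AD_Group.
# NOTE(review): the description says MDM but the context selects 'DBA';
# one of the two is wrong (or anonymised differently). As written these
# rules apply to DBA, not to MDM and not to all projects.
description: MDM project level access control
context:
  project: 'DBA'
for:
  resource:
    - equals:
        kind: job
      allow: [read]  # read only; job create/delete are NOT granted
    - equals:
        kind: node
      allow: [read, refresh]  # read nodes and refresh node sources
    - equals:
        kind: event
      allow: [read, create]  # read and create events
  adhoc:
    # NOTE(review): disable_executions is normally a system-kind action in
    # the application context; confirm it has any effect on adhoc here. As
    # written, no adhoc read/run/kill is granted.
    - allow: [disable_executions]
  job:
    - allow: [read, run, kill]  # view, run and kill; no create/update/delete
  node:
    - allow: [read, run]  # read nodes and run on them
by:
  group: AD_Group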