Hi
I'm trying to lime access to a number of users to run some jobs only in one project. I also want to be able to add jobs without modifying ACL rules for each new job. So I have 3 jobs and I have added 1 job to group "admin" and 2 jobs to "non-admin". The following ACL works for me :
---
context:
project: TES_BAUMPH
description: generated
for:
resource:
- allow: [run,read]
job:
- equals:
name: Non Admin Job 1
allow: [run,read]
- equals:
name: Non Admin Job 2
allow: [run,read]
by:
username:
- user1
- user2
User can run both jobs as expected. Both jobs are added to group "non-admin"
However when I try this:
---
context:
project: TES_BAUMPH
description: generated
for:
resource:
- allow: [run,read]
job:
- equals:
group: non-admin
allow: [run,read]
by:
username:
- user1
- user2
User can login and see the job ( because of other wider ACL) but cannot run those jobs.
Please let me know what am I doing wrong.
Genna