3.3.9 acl group access to multiple projects

278 views
Skip to first unread message

Dave Macias

unread,
Jul 7, 2021, 7:45:36 PM7/7/21
to rundeck-discuss
Hello, 

First time poster here.
Currently we have a group called `devops` which access PE_TEAM project, with the below acl. 

I tried modifying it to include another project called AM_TEAM but i could never see the AM_TEAM project when I login as a user under the devops group. (See what I added in bold but unfortunately i did not work)

description: devops group users will only have permissions to access PE_TEAM project
context:
  application: 'rundeck'
by:
  group: 'devops'
for:
  project:
    - equals:
        name: 'PE_TEAM'
      allow: [read]
    - equals:
        name: 'AM_TEAM'
      allow: [read]
---
description: devops group users will only have permissions to run and kill jobs in the project
context:
  project: 'PE_TEAM'
by:
  group: 'devops'
for:
  job:
    - allow: ['read','run','kill']
    - equals:
        group: 'devops'
      allow: ['read','run','kill']
  node:
    - allow: ['read','run']
  adhoc:
    - allow: ['run','read']
  resource:
    - allow: 'read'
---
description: devops group users will only have permissions to run and kill jobs in the project
context:
  project: 'AM_TEAM'
by:
  group: 'devops'
for:
  job:
    - allow: ['read','run','kill']
    - equals:
        group: 'devops'
      allow: ['read','run','kill']
  node:
    - allow: ['read','run']
  adhoc:
    - allow: ['run','read']
  resource:
    - allow: 'read'

Any input is much appreciated!

-Dave

rac...@rundeck.com

unread,
Jul 8, 2021, 6:01:57 PM7/8/21
to rundeck-discuss

Hey Dave,

Following this case, I leave another way to reach the same result, take a look, and feel free to modify it:

description: project
context:
  project: 'PE_TEAM|AM_TEAM'
for:
  job:
    - allow: [read,run]
  node:
    - allow: [read,run]
by:
  group: devops

---

description: app
context:
  application: 'rundeck'
for:
  project:
    - match:
        name: 'PE_TEAM|AM_TEAM'
      allow: [read]
  storage:
    - allow: [read]

by:
  group: devops

Hope it helps!

Dave Macias

unread,
Jul 9, 2021, 4:20:56 PM7/9/21
to rundeck-discuss
That helped!
Thank you!!
--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/127b27fd-fcee-428a-a0e1-09e168dd17fcn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages