Hide project to users that don´t have rights on jobs inside project
236 views
Skip to first unread message
Peter Garlic
May 30, 2016, 9:54:46 AM5/30/16
to rundeck-discuss
Hi
I've implement rundeck 2.6.7-1 on a test environment based on ubuntu 14 server and all is working well. Can run local and remote commands, call ansible commands and playbook, and so on. But one of the requirements is hide projects to some users and i can´t find a way to to that.
Using the ACL at the moment any user can see any project, while opening a project they can see/use only the jobs that allowed to access. I´m supposing that is just a combination of ACLs because on the rundeck documentation is written "Also note that to hide projects completely from users, you would need to grant or deny the "read" access to the project in the Application Scope." (ref: http://rundeck.org/docs/administration/access-control-policy.html#application-scope-resources-and-actions )
Anyone have approached a problem like this?
Thanks
- Configuration Details
On my system at the moment I´ve 5 projects.
- RundeckAnsbileTest02 - Ansible intregration - accessible only from admins
- RundeckTest01- Os intregration - accessible only from admins
- RundeckGroupA - basic local command (shell: ls -la) just for rights test - accessible from user1 - RO
- RundeckGroupB - basic local command (shell: ls -la) just for rights test - accessible from user2 - RW
- RundeckGroupC - basic local command (shell: ls -la) just for rights test - accessible from user3 - test user for project hiding
P.s. I´ve attached my /ect/rundeck sample configuration files
I've implement rundeck 2.6.7-1 on a test environment based on ubuntu 14 server and all is working well. Can run local and remote commands, call ansible commands and playbook, and so on. But one of the requirements is hide projects to some users and i can´t find a way to to that.
Using the ACL at the moment any user can see any project, while opening a project they can see/use only the jobs that allowed to access. I´m supposing that is just a combination of ACLs because on the rundeck documentation is written "Also note that to hide projects completely from users, you would need to grant or deny the "read" access to the project in the Application Scope." (ref: http://rundeck.org/docs/administration/access-control-policy.html#application-scope-resources-and-actions )
Anyone have approached a problem like this?
Thanks
- Configuration Details
On my system at the moment I´ve 5 projects.
- RundeckAnsbileTest02 - Ansible intregration - accessible only from admins
- RundeckTest01- Os intregration - accessible only from admins
- RundeckGroupA - basic local command (shell: ls -la) just for rights test - accessible from user1 - RO
- RundeckGroupB - basic local command (shell: ls -la) just for rights test - accessible from user2 - RW
- RundeckGroupC - basic local command (shell: ls -la) just for rights test - accessible from user3 - test user for project hiding
P.s. I´ve attached my /ect/rundeck sample configuration files
Fred Ellenberger
May 30, 2016, 2:45:34 PM5/30/16
to rundeck-discuss
The attached acl grants any user that is a part of the group "TEST_GROUP" admin-level access to the project called "PROJECT_NAME" only, and I can confirm that they are not able to see any other projects when logged in. Hope this helps.
Peter Garlic
May 31, 2016, 6:03:08 AM5/31/16
to rundeck-discuss
Hi Fred
Comparing my acl configuration with your file and some other examples from angystardust I´ve found the problem!!! :D
Now it´s all right. Maybe in the future I will put an acl sample on github.
Thanks a lot for your help
Comparing my acl configuration with your file and some other examples from angystardust I´ve found the problem!!! :D
Now it´s all right. Maybe in the future I will put an acl sample on github.
Thanks a lot for your help
Reply all
Reply to author
Forward
0 new messages