ASheppardWork

Reputation: 95

Need to see where my ACL in RunDeck is failing in RunDeck 3.1.1

We are setting up a RunDeck site so that users can only see their own projects. Within that structure I need to make users who are job viewers/job writers/job runners and project admins. I have runners and project admins and viewers working. However, I can't seem to get the job writers to work. I am using two ACL files. Whenever I log in as the user I can't see the 'create job' button, and when I navigate to rundeck/project/MY_PROJECT/job/create I get the error 'Not authorized to create New Job'. What am I missing?

This is the my_project_job_writer.acl

---
context:
  application: 'rundeck'
description: "project_job_writer"
for:
  project:
    - equals:
        name: 'MY_PROJECT'
      allow: [read]

  system:
    - match:
        name: '.*'
      allow: [read]
by:
  username: ['jack.hill','jill.hill']

---

context:
  # context.project takes a plain project name (or regex) as a string;
  # equals:/match: matchers belong under for:, not under context:
  project: 'MY_PROJECT'
description: "project_job_writer"
for:
  resource:
  - equals:
      kind: 'node'
    allow: [read,refresh]
  - equals:
      kind: job
    allow: [create, delete]
  - equals:
      kind: event
    allow: [read]
  job:
  - allow: [create,read,update,delete,run,kill]
    match:
      name: '.*'
  node:
  - allow: [read, run, refresh]
    match:
      nodename: '.*'
by:
  username: ['jack.hill','jill.hill']

This is the system-job_writer.acl

description: Allow groups to list projects
context:
  application: 'rundeck'
for:
  project:
    - equals:
        name: 'Default'
      allow: [read]
  system:
    - match:
        name: '.*'
      allow: [read]
by:
  group: job_writer

---

description: Global write permissions to job_writer role
context:
  project: '.*'
for:
  resource:
  - equals:
      kind: 'node'
    allow: [read,refresh]
  - equals:
      kind: job
    allow: [create, delete]
  - equals:
      kind: event
    allow: [read]
  job:
  - allow: [create,read,update,delete,run,kill]
    match:
      name: '.*'
  node:
  - allow: [read, run, refresh]
    match:
      nodename: '.*'
by:
  group: job_writer

And these are the entries in realm.properties

jack.hill:password,user,job_writer
jill.hill:password,user,job_writer

Upvotes: 0

Views: 716
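An added example, not part of the question, the answer, or Rundeck itself: a small Python evaluator that applies the documented aclpolicy semantics (one `application:` or `project:` key under `context:`, `by:` username/group matching, `equals`/`match`/`contains` matchers under `for:`, and explicit `deny` winning over any `allow`) so the two policy files above can be checked offline for a given user, group, project and action without touching the server. The two files are embedded as Python dicts constructed from the YAML in the question; `decide`, `can_create_job` and `context_problem` are this example's own names, and treating `by:` username and group as alternatives is an assumption of the example.

```python
import re

# Constructed from the question's YAML: the project-context rules that both
# files share, then the four policy documents (two per file).
_PROJECT_RULES = {
    "resource": [
        {"equals": {"kind": "node"}, "allow": ["read", "refresh"]},
        {"equals": {"kind": "job"}, "allow": ["create", "delete"]},
        {"equals": {"kind": "event"}, "allow": ["read"]},
    ],
    "job": [{"match": {"name": ".*"},
             "allow": ["create", "read", "update", "delete", "run", "kill"]}],
    "node": [{"match": {"nodename": ".*"}, "allow": ["read", "run", "refresh"]}],
}
MY_PROJECT_JOB_WRITER = [
    {"description": "project_job_writer", "context": {"application": "rundeck"},
     "for": {"project": [{"equals": {"name": "MY_PROJECT"}, "allow": ["read"]}],
             "system": [{"match": {"name": ".*"}, "allow": ["read"]}]},
     "by": {"username": ["jack.hill", "jill.hill"]}},
    {"description": "project_job_writer", "context": {"project": "MY_PROJECT"},
     "for": _PROJECT_RULES, "by": {"username": ["jack.hill", "jill.hill"]}},
]
SYSTEM_JOB_WRITER = [
    {"description": "Allow groups to list projects", "context": {"application": "rundeck"},
     "for": {"project": [{"equals": {"name": "Default"}, "allow": ["read"]}],
             "system": [{"match": {"name": ".*"}, "allow": ["read"]}]},
     "by": {"group": "job_writer"}},
    {"description": "Global write permissions to job_writer role",
     "context": {"project": ".*"}, "for": _PROJECT_RULES, "by": {"group": "job_writer"}},
]
POLICIES = MY_PROJECT_JOB_WRITER + SYSTEM_JOB_WRITER


def _as_list(value):
    """allow/deny/username/group may be a scalar or a list in aclpolicy."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def context_problem(policy):
    """Return a message if context: is malformed, else None. The context is
    exactly one key, application: or project:, with a string value (a regex
    for project). equals:/match: blocks here are a copy-paste slip from for:."""
    ctx = policy.get("context")
    if not isinstance(ctx, dict) or len(ctx) != 1:
        return "context must contain exactly one key: application or project"
    key, value = next(iter(ctx.items()))
    if key not in ("application", "project"):
        return f"unknown context key {key!r}"
    if not isinstance(value, str):
        return f"context.{key} must be a string, got {type(value).__name__}"
    return None


def _context_matches(policy, ctx_kind, ctx_name):
    problem = context_problem(policy)
    if problem:
        raise ValueError(f"{policy.get('description', '?')}: {problem}")
    key, pattern = next(iter(policy["context"].items()))
    return key == ctx_kind and re.fullmatch(pattern, ctx_name) is not None


def _by_matches(policy, username, groups):
    """Assumption of this example: username OR any group; values are regexes."""
    by = policy.get("by", {})
    if any(re.fullmatch(p, username) for p in _as_list(by.get("username"))):
        return True
    return any(re.fullmatch(p, g) for p in _as_list(by.get("group")) for g in groups)


def _rule_matches(rule, resource):
    """All named attributes must match; a rule with no matcher matches all."""
    for attr, expected in rule.get("equals", {}).items():
        if resource.get(attr) != expected:
            return False
    for attr, pattern in rule.get("match", {}).items():
        value = resource.get(attr)
        if value is None or re.fullmatch(pattern, str(value)) is None:
            return False
    for attr, needed in rule.get("contains", {}).items():
        if not set(_as_list(needed)) <= set(_as_list(resource.get(attr))):
            return False
    return True


def decide(policies, *, username, groups, ctx_kind, ctx_name, res_type, resource, action):
    """'allow', 'deny' or 'reject' (nothing matched). An explicit deny in any
    matching rule wins; otherwise one matching allow is enough."""
    allowed = False
    for policy in policies:
        if not _context_matches(policy, ctx_kind, ctx_name):
            continue
        if not _by_matches(policy, username, groups):
            continue
        for rule in policy.get("for", {}).get(res_type, []):
            if not _rule_matches(rule, resource):
                continue
            deny, allow = _as_list(rule.get("deny")), _as_list(rule.get("allow"))
            if action in deny or "*" in deny:
                return "deny"
            if action in allow or "*" in allow:
                allowed = True
    return "allow" if allowed else "reject"


def can_create_job(policies, username, groups, project):
    """The check behind the 'create job' button: project context, resource
    type 'resource' with kind 'job', action 'create'."""
    return decide(policies, username=username, groups=groups, ctx_kind="project",
                  ctx_name=project, res_type="resource", resource={"kind": "job"},
                  action="create")


if __name__ == "__main__":
    for user, grps in (("jack.hill", ["user", "job_writer"]), ("bob", ["user"])):
        print(user, "-> create job in MY_PROJECT:", can_create_job(POLICIES, user, grps, "MY_PROJECT"))
```

Running it shows that jack.hill is allowed to create jobs in MY_PROJECT under these policies, while a user who is neither listed by name nor in `job_writer` is rejected; if the evaluator says "allow" but the UI still refuses, the policy text is not the problem.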

Answers (1)

ASheppardWork

Reputation: 95

So, the old IT solve worked. I just restarted the Apache server it was running on and 'bam', it worked. Well, that was an hour wasted, lol. For anyone wanting to use this ACL policy, it comes in handy.

Upvotes: 1
