default-rbac-policy.csv
# Policy rows for role:default/aap-admins.
# Each `p` row reads: p, <role>, <permission>, <action>, <effect>.
# Each `g` row reads: g, <group>, <role> (binds a group to a role).
#
# Grant catalog entity permissions (dot notation - for named permissions)
p, role:default/aap-admins, catalog.entity.create, create, allow
p, role:default/aap-admins, catalog.entity.read, read, allow
p, role:default/aap-admins, catalog.entity.update, update, allow
p, role:default/aap-admins, catalog.entity.delete, delete, allow
# Grant catalog location permissions (for catalog-import)
p, role:default/aap-admins, catalog.location.create, create, allow
p, role:default/aap-admins, catalog.location.read, read, allow
p, role:default/aap-admins, catalog.location.update, update, allow
p, role:default/aap-admins, catalog.location.delete, delete, allow
# Grant permission to execute/launch any scaffolder template.
# No per-template restriction is expressed in these rows.
p, role:default/aap-admins, scaffolder.template.parameter.read, read, allow
p, role:default/aap-admins, scaffolder.template.step.read, read, allow
p, role:default/aap-admins, scaffolder.action.execute, use, allow
p, role:default/aap-admins, scaffolder.task.create, create, allow
p, role:default/aap-admins, scaffolder.task.read, read, allow
p, role:default/aap-admins, scaffolder.task.cancel, use, allow
# Grant create, read, update, delete and use on the permission.* permissions
p, role:default/aap-admins, permission.create, create, allow
p, role:default/aap-admins, permission.read, read, allow
p, role:default/aap-admins, permission.update, update, allow
p, role:default/aap-admins, permission.delete, delete, allow
p, role:default/aap-admins, permission.use, use, allow
# Grant RBAC policy management permissions.
# Holders of this role can change the RBAC policy itself, so membership of
# group:default/aap-admins should be reviewed like any other admin group.
# NOTE(review): unlike the catalog rows above, these four rows name
# `policy.entity` without an action suffix - confirm the RBAC backend matches
# this form.
p, role:default/aap-admins, policy.entity, create, allow
p, role:default/aap-admins, policy.entity, read, allow
p, role:default/aap-admins, policy.entity, update, allow
p, role:default/aap-admins, policy.entity, delete, allow
# Grant named permission for policy.entity.create (Option B - bypass transformation)
# NOTE(review): the "transformation" being bypassed is not described in this
# file - link the issue or doc that explains why this extra row is needed.
p, role:default/aap-admins, policy.entity.create, create, allow
# Assign the 'aap-admins' role to every member of group:default/aap-admins
g, group:default/aap-admins, role:default/aap-admins
# Policy rows for role:default/portal-users.
#
# Read-only access to the catalog.
# NOTE(review): this row uses the hyphenated `catalog-entity`, while the
# aap-admins rows use dotted names such as catalog.entity.read - confirm the
# difference is intended.
p, role:default/portal-users, catalog-entity, read, allow
# Scaffolder access: read template parameters and steps, execute actions, and
# create, read and cancel tasks. This is the same set of scaffolder rows that
# role:default/aap-admins receives; no per-template restriction is expressed
# in this file.
p, role:default/portal-users, scaffolder.template.parameter.read, read, allow
p, role:default/portal-users, scaffolder.template.step.read, read, allow
p, role:default/portal-users, scaffolder.action.execute, use, allow
p, role:default/portal-users, scaffolder.task.create, create, allow
p, role:default/portal-users, scaffolder.task.read, read, allow
p, role:default/portal-users, scaffolder.task.cancel, use, allow
# Assign the 'portal-users' role to every member of group:default/portal-users
g, group:default/portal-users, role:default/portal-users