#525 Ability to "run" jobs without "read" access. - Rundeck Development

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#525 new

Ability to "run" jobs without "read" access.

Reported by Russell | February 21st, 2012 @ 10:21 AM

Issue Type: Improvement
- Rundeck version: 1.4.1

Issue:

Currently a user has to be authorized to "read" a job in order to run it,
even as a job reference. Maybe this is too restrictive and you should be
able to "run" without "read" access.

Reproduce:

I have some jobs that call other jobs. I want to prevent certain
users from being to access the sub-jobs directly. They should only be
allowed to run the top level jobs.
example:

-group1 -- job1 - calls job4 -- job2 - calls job5 -- job3 - calls job6

-group2 -- job4 -- job5 -- job6

I want the restricted users to be able to run all the jobs in group1,
but I do not want them to be able to run the jobs in group2 DIRECTLY.
That is, they shouldn't be able to invoke group2 directly, only via
group1.
My current permissions are giving access to group1 only, and when the
restricted users try to run the jobs, the lower level jobs are
denied. Is there a way to just hide the group2 jobs in the UI?

No comments found

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.