#429 ✓resolved
Greg Schueler

update aclpolicy and replace role mappings

Reported by Greg Schueler | September 7th, 2011 @ 11:35 AM | in Rundeck 1.4 (closed)

enhance the aclpolicy yaml format and replace the role mapping authorization mechanism with aclpolicy-based authorization.

needed features:

  • Acccess control on resources other than Jobs can now be declared
  • Project level access control is now supported
  • "Deny" rules can now be declared
  • Application level access control is also supported, replacing the Role mapping
  • The RunDeck server no longer uses role-mapping and instead defers to the aclpolicy for all authorizations

The caveats with the new aclpolicy apply to upgrading from an existing 1.3 or earlier installation:

  • The old XML aclpolicy files will not work, you will have to convert to the new format
  • The previous YAML aclpolicy files will need to be modified to work
  • Out of the box, upgrading your server will show numerous "unauthorized" message in the GUI until you upgrade your aclpolicy files

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues

Shared Ticket Bins

People watching this ticket

Referenced by