#525 new
Russell

Ability to "run" jobs without "read" access.

Reported by Russell | February 21st, 2012 @ 10:21 AM

  • Issue Type: Improvement
    • Rundeck version: 1.4.1

Issue:

Currently a user has to be authorized to "read" a job in order to run it,
even as a job reference. Maybe this is too restrictive and you should be
able to "run" without "read" access.


Reproduce:

I have some jobs that call other jobs. I want to prevent certain
users from being to access the sub-jobs directly. They should only be
allowed to run the top level jobs.
example:

-group1 -- job1 - calls job4 -- job2 - calls job5 -- job3 - calls job6

-group2 -- job4 -- job5 -- job6

I want the restricted users to be able to run all the jobs in group1,
but I do not want them to be able to run the jobs in group2 DIRECTLY.
That is, they shouldn't be able to invoke group2 directly, only via
group1.
My current permissions are giving access to group1 only, and when the
restricted users try to run the jobs, the lower level jobs are
denied. Is there a way to just hide the group2 jobs in the UI?

No comments found

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues

Shared Ticket Bins

People watching this ticket

Pages