Rundeck ACLs

Rundeck doc on ACLs is... unsufficient. And as stated before, I needed to grant execution of jobs to a dedicated group but without other rights.

Adding this file to your rundeck setup will grant all users belonging to deploy group execution of all jobs in all projects.

description: Application access. 
context:
  application: rundeck
for:
  project:
  - allow: read

by:
  group: [deploy]

---
description : global project config for running jobs on nodes.
context:
  project: '.*'
for:
  resource:
    - equals:
        kind: 'event'
      allow: read
    - equals:
        kind: 'node'
      allow: [read, refresh, run] # allow refresh node sources (dynamic nodes resources)
  job:
  - allow: [read, run, kill]
  node:
  - allow: [read, run]
by:
  group: [deploy]
Show Comments