weyderfs · October 2, 2019 19:16
diff --git a/RundeckPoliceByJobs.yml b/RundeckPoliceByJobs.yml
 description: Developer project level access control. Applies to resources within a specific project.
 context:
  project: 'Your Project Name here' # all projects
 for:
  job:
    - allow: [read] # allow read of all jobs
    - match:
        group: 'HML/*'
      allow: [read,run] # allow run access for jobs within the "HML" top level group

 by:
  group: gdev
 ---
 description: Developer Application level access control, applies to creating/deleting projects, admin of user profiles, viewing projects and reading system information.
 context:
  application: 'rundeck'
 for:
  resource:
    - equals:
        kind: system
      allow: [read] # allow read of system info, enable/disable all executions
    - equals:
        kind: system_acl
      allow: [read] # allow modifying system ACL files
    - equals:
        kind: user
      allow: [read] # allow modify user profiles
  project:
    - match:
        name: '.*'
      allow: [read]
  project_acl:
    - match:
        name: '.*'
      allow: [read]
  storage:
    - allow: [read]

 by:
  group: gdev
 ---
 description: Leader project level access control. Applies to resources within a specific project.
 context:
  project: 'Your Project Name Here' # all projects
 for:
  job:
    - allow: [read,run] # allow read of all jobs

 by:
  group: gleader
 ---
 description: Leader Application level access control, applies to creating/deleting projects, admin of user profiles, viewing projects and reading system information.
 context:
  application: 'rundeck'
 for:
  resource:
    - equals:
        kind: system
      allow: [read] # allow read of system info, enable/disable all executions
    - equals:
        kind: system_acl
      allow: [read] # allow modifying system ACL files
    - equals:
        kind: user
      allow: [read] # allow modify user profiles
  project:
    - match:
        name: '.*'
      allow: [read]
  project_acl:
    - match:
        name: '.*'
      allow: [read]
  storage:
    - allow: [read]

 by:
  group: gleader
	description: Developer project level access control. Applies to resources within a specific project.
	context:
	project: 'Your Project Name here' # all projects
	for:
	job:
	- allow: [read] # allow read of all jobs
	- match:
	group: 'HML/*'
	allow: [read,run] # allow run access for jobs within the "HML" top level group

	by:
	group: gdev
	---
	description: Developer Application level access control, applies to creating/deleting projects, admin of user profiles, viewing projects and reading system information.
	context:
	application: 'rundeck'
	for:
	resource:
	- equals:
	kind: system
	allow: [read] # allow read of system info, enable/disable all executions
	- equals:
	kind: system_acl
	allow: [read] # allow modifying system ACL files
	- equals:
	kind: user
	allow: [read] # allow modify user profiles
	project:
	- match:
	name: '.*'
	allow: [read]
	project_acl:
	- match:
	name: '.*'
	allow: [read]
	storage:
	- allow: [read]

	by:
	group: gdev
	---
	description: Leader project level access control. Applies to resources within a specific project.
	context:
	project: 'Your Project Name Here' # all projects
	for:
	job:
	- allow: [read,run] # allow read of all jobs

	by:
	group: gleader
	---
	description: Leader Application level access control, applies to creating/deleting projects, admin of user profiles, viewing projects and reading system information.
	context:
	application: 'rundeck'
	for:
	resource:
	- equals:
	kind: system
	allow: [read] # allow read of system info, enable/disable all executions
	- equals:
	kind: system_acl
	allow: [read] # allow modifying system ACL files
	- equals:
	kind: user
	allow: [read] # allow modify user profiles
	project:
	- match:
	name: '.*'
	allow: [read]
	project_acl:
	- match:
	name: '.*'
	allow: [read]
	storage:
	- allow: [read]

	by:
	group: gleader