【Posted】:2020-03-30 23:15:37
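【Question】:
We are setting up a RunDeck site so that users can see only their own projects. Within that structure, I need users to be job viewers/job writers/job runners and project admins. I have the runner, project admin and viewer working. However, I can't seem to get the job writer working. I am using two acl files. Whenever I log in as the user, I don't see the "Create Job" button, and when I navigate to rundeck/project/MY_PROJECT/job/create I get the error "Not authorized to create a new job". What am I missing?
This is my_project_job_writer.acl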
---
context:
  application: 'rundeck'
description: "project_job_writer"
for:
  project:
    - equals:
        name: 'MY_PROJECT'
      allow: [read]
  system:
    - match:
        name: '.*'
      allow: [read]
by:
  username: ['jack.hill','jill.hill']
---
context:
  project:
    - equals:
        name: 'MY_PROJECT'
description: "project_job_writer"
for:
  resource:
    - equals:
        kind: 'node'
      allow: [read,refresh]
    - equals:
        kind: job
      allow: [create, delete]
    - equals:
        kind: event
      allow: [read]
  job:
    - allow: [create,read,update,delete,run,kill]
      match:
        name: '.*'
  node:
    - allow: [read, run, refresh]
      match:
        nodename: '.*'
by:
  username: ['jack.hill','jill.hill']
This is system-job_writer.acl
description: Allow groups to list projects
context:
  application: 'rundeck'
for:
  project:
    - equals:
        name: 'Default'
      allow: [read]
  system:
    - match:
        name: '.*'
      allow: [read]
by:
  group: job_writer
---
description: Global write permissions to job_writer role
context:
  project: '.*'
for:
  resource:
    - equals:
        kind: 'node'
      allow: [read,refresh]
    - equals:
        kind: job
      allow: [create, delete]
    - equals:
        kind: event
      allow: [read]
  job:
    - allow: [create,read,update,delete,run,kill]
      match:
        name: '.*'
  node:
    - allow: [read, run, refresh]
      match:
        nodename: '.*'
by:
  group: job_writer
These are the entries in realm.properties
jack.hill:password,user,job_writer
jill.hill:password,user,job_writer
【Discussion】: