本文环境:CentOS 7,Rundeck 3.0.7
目标:设置权限,使开发人员用户以只读权限浏览服务器上的文件
直接贴配置文件
cd /etc/rundeck/
vim realm.properties # user and role definitions file
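# Format: <username>:<password>,<role1>,<role2>,...
# Notes are kept on their own lines: Java .properties files treat '#' as a
# comment only at the start of a line, so a trailing "# ..." would be read as
# part of the value (here, of the last role name).
# Default admin user.
admin:*****,user,admin,architect,deploy,build
# Newly added read-only user.
# NOTE(review): 123456 is a trivially guessable sample value stored in
# plaintext. Use a strong password and, where the installation supports it,
# a hashed form (e.g. a Jetty-style MD5: or CRYPT: prefix) instead.
# NOTE(review): hz_read also receives architect/deploy/build. Confirm that no
# other *.aclpolicy grants rights to those groups, or keep only "user".
hz_read:123456,user,architect,deploy,build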
vim user.aclpolicy # modeled on admin.aclpolicy, saved as a custom user.aclpolicy
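# Project-scope policy: what members of group "user" may do inside one project.
description: user.
context:
  project: 'php_read' # name of the project as shown in Rundeck
for:
  # NOTE(review): every rule below uses '*', which grants all actions on that
  # resource type, not only read. For a read-only developer account, list the
  # needed actions explicitly, e.g. [read], or [read, run] if files are browsed
  # through a predefined job. Confirm against the intended workflow.
  resource:
    - allow: '*' # all actions on every resource kind (job, node, event, ...)
  adhoc:
    - allow: '*' # includes running and killing ad hoc commands on nodes
  job:
    - allow: '*' # includes create/update/delete/run/kill of all jobs
  node:
    - allow: '*' # includes running on all nodes
by:
  group: user # applies to every account holding the "user" role, admin included
---
# Application-scope policy: read-only access at the Rundeck server level.
description: user
context:
  application: 'rundeck'
for:
  resource:
    - allow: 'read' # read only; no project creation
  project:
    - allow: 'read' # view projects; no admin rights
  project_acl:
    - allow: 'read' # read project-level ACL policies
    # NOTE(review): likely not needed for a developer account; confirm.
  storage:
    - allow: 'read' # read access to key storage content
    # NOTE(review): confirm developers need this; otherwise drop it or limit
    # it to the specific storage paths they must see.
by:
  username: 'hz_read' # the user created in realm.properties
  group: 'user'
  # NOTE(review): verify how Rundeck combines username and group under one
  # "by:". If either one is enough to match, the group line already covers
  # every member of "user" and the username line narrows nothing.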