{"id":754,"date":"2016-07-26T07:00:35","date_gmt":"2016-07-26T01:30:35","guid":{"rendered":"https:\/\/blog.pheonixsolutions.com\/?p=754"},"modified":"2016-07-26T07:00:35","modified_gmt":"2016-07-26T01:30:35","slug":"rundeck-acl-policy-creation","status":"publish","type":"post","link":"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/","title":{"rendered":"Rundeck ACL Policy Creation"},"content":{"rendered":"

Rundeck is an awesome tools which we simply impressed recently. It has an inbuilt to run commands, creating jobs, scheduling jobs, etc., Refer our previous posts to know more about rundeck.<\/p>\n

In this post, we will try to give some example how can we restrict user access to project level. All the file which has an extension\u00a0.aclpolicy\u00a0<\/strong>on the directory \/etc\/rundeck(default installation location) will be consider as \u00a0valid file for access restriction by rundeck.<\/p>\n

 <\/p>\n

rd-acl\u00a0<\/strong>is a build in command which helps to create user policy , group policy, rundeck policy. The following are the few example which we can use to restrict project level, user level restriction.<\/p>\n

rd-acl test --context project --groups groupname --project projectname --job testjob\u00a0--allow read,run -v<\/code><\/p>\n

 <\/p>\n

---\r\nfor:\r\n  job:\r\n  - allow:\r\n    - read\r\n    - run\r\n    equals:\r\n      name: 'testjob'\r\n      \r\ndescription: generated\r\ncontext:\r\n  project: Alerts\r\nby:\r\n  group: groupname\r\n<\/pre>\n
where,<\/p>\n
test – display output in the command prompt. Create a\u00a0file with name.aclpolicy with the output content.<\/p>\n
–context – Access request. Options are rundeck, project<\/p>\n
–project – Specify your project name.<\/p>\n
–job – Mention your job name<\/p>\n
–allow – Mention the privileges for the above category.<\/p>\n
As mentioned earlier, you can simply create\u00a0groupname.aclpolicy\u00a0<\/strong>with the above mentioned lines. The beauty here is we don’t need to restart any service.<\/p>\n
rd-acl test --context application --groups groupname\u00a0--project projectname\u00a0--allow read -v<\/code><\/p>\n
\r\nfor:\r\nproject:\r\n- allow: read\r\nequals:\r\nname:\u00a0groupname\r\ndescription: generated\r\ncontext:\r\napplication: rundeck\r\nby:\r\ngroup: alerts\r\n<\/pre>\n
 <\/p>\n
where,<\/p>\n
application –\u00a0here application refers to rundeck.<\/p>\n
The below command will help to add a read, run privilege.<\/p>\n
rd-acl test --context project --groups alerts --project <projectname>\u00a0 --resource=node \u00a0--allow read,run -v<\/code><\/p>\n
 <\/p>\n
where,<\/p>\n
resource – specific resource to the project or whole resources. Options are jobs, system,project, node.<\/p>\n
 <\/p>\n
In a very simplified manner, the following ACL is a\u00a0readonly\u00a0<\/strong>privilege for the project by specific group.
\nCreate a file groupname.aclpolicy and append the following content.
\n <\/p>\n
 <\/p>\n
---\r\ndescription: \"Allow users in runjobs group to run, kill jobs, etc. in the project called YOUR PROJECT\"\r\ncontext:\r\n  project: YOUR PROJECT\r\nby:\r\n  group: groupname\r\nfor:\r\n  resource:\r\n    - equals:\r\n        kind: job\r\n      allow: [read, run, kill]\r\n    - equals:\r\n        kind: node\r\n      allow: [read]\r\n    - equals:\r\n        kind: event\r\n      allow: [read] # allow reading activity logs\r\n    - equals:\r\n        kind: 'adhoc'\r\n      allow: [read,run,kill]\r\n  adhoc:\r\n    - allow: [read,run,kill] # allow running\/killing adhoc jobs\r\n  job:\r\n    - allow: [read,run,kill]\r\n  node:\r\n    - allow: [read,run] # allow read\/run for nodes\r\n---\r\ncontext:\r\n  application: rundeck\r\ndescription: \"Users in the 'runjobs' group can launch jobs in the project called YOUR PROJECT but not edit them\"\r\nfor:\r\n  project:\r\n    - match:\r\n        name: 'YOUR PROJECT'\r\n      allow: [read]\r\n  system:\r\n    - match:\r\n        name: '.*'\r\n      allow: [read]\r\nby:\r\n  group: groupname\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Rundeck is an awesome tools which we simply impressed recently. It has an inbuilt to run commands, creating jobs, scheduling jobs, etc., Refer our previous posts to know more about rundeck. In this post, we will try to give some example how can we restrict user access to project level.… Continue Reading Rundeck ACL Policy Creation<\/span><\/i><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-754","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-uncategorized","7":"h-entry","9":"h-as-article"},"yoast_head":"\nPheonix Solutions - We Empower Your Business Growth<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pheonix Solutions - We Empower Your Business Growth\" \/>\n<meta property=\"og:description\" content=\"Rundeck is an awesome tools which we simply impressed recently. It has an inbuilt to run commands, creating jobs, scheduling jobs, etc., Refer our previous posts to know more about rundeck. In this post, we will try to give some example how can we restrict user access to project level.… Continue Reading Rundeck ACL Policy Creation\" \/>\n<meta property=\"og:url\" content=\"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/\" \/>\n<meta property=\"og:site_name\" content=\"PHEONIXSOLUTIONS\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/PheonixSolutions-209942982759387\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-07-26T01:30:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/09\/PX2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"3837\" \/>\n\t<meta property=\"og:image:height\" content=\"2540\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@pheonixsolution\" \/>\n<meta name=\"twitter:site\" content=\"@pheonixsolution\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/rundeck-acl-policy-creation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/rundeck-acl-policy-creation\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/0ffa33d73c869faec2d50e79c24e3503\"},\"headline\":\"Rundeck ACL Policy Creation\",\"datePublished\":\"2016-07-26T01:30:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/rundeck-acl-policy-creation\\\/\"},\"wordCount\":258,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/rundeck-acl-policy-creation\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/rundeck-acl-policy-creation\\\/\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/rundeck-acl-policy-creation\\\/\",\"name\":\"Pheonix Solutions - We Empower Your Business Growth\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#website\"},\"datePublished\":\"2016-07-26T01:30:35+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/rundeck-acl-policy-creation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/rundeck-acl-policy-creation\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/rundeck-acl-policy-creation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rundeck ACL Policy Creation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/\",\"name\":\"Pheonix Solutions\",\"description\":\"We Empower Your Business Growth\",\"publisher\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#organization\",\"name\":\"PheonixSolutions\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/logo.png\",\"contentUrl\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/logo.png\",\"width\":454,\"height\":300,\"caption\":\"PheonixSolutions\"},\"image\":{\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/PheonixSolutions-209942982759387\\\/\",\"https:\\\/\\\/x.com\\\/pheonixsolution\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/0ffa33d73c869faec2d50e79c24e3503\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"http:\\\/\\\/blog.pheonixsolutions.com\"],\"url\":\"https:\\\/\\\/pheonixsolutions.com\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pheonix Solutions - We Empower Your Business Growth","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/","og_locale":"en_US","og_type":"article","og_title":"Pheonix Solutions - We Empower Your Business Growth","og_description":"Rundeck is an awesome tools which we simply impressed recently. It has an inbuilt to run commands, creating jobs, scheduling jobs, etc., Refer our previous posts to know more about rundeck. In this post, we will try to give some example how can we restrict user access to project level.… Continue Reading Rundeck ACL Policy Creation","og_url":"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/","og_site_name":"PHEONIXSOLUTIONS","article_publisher":"https:\/\/www.facebook.com\/PheonixSolutions-209942982759387\/","article_published_time":"2016-07-26T01:30:35+00:00","og_image":[{"width":3837,"height":2540,"url":"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/09\/PX2.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_creator":"@pheonixsolution","twitter_site":"@pheonixsolution","twitter_misc":{"Written by":"admin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/#article","isPartOf":{"@id":"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/"},"author":{"name":"admin","@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/person\/0ffa33d73c869faec2d50e79c24e3503"},"headline":"Rundeck ACL Policy Creation","datePublished":"2016-07-26T01:30:35+00:00","mainEntityOfPage":{"@id":"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/"},"wordCount":258,"commentCount":0,"publisher":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/","url":"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/","name":"Pheonix Solutions - We Empower Your Business Growth","isPartOf":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#website"},"datePublished":"2016-07-26T01:30:35+00:00","breadcrumb":{"@id":"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/pheonixsolutions.com\/blog\/rundeck-acl-policy-creation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/pheonixsolutions.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Rundeck ACL Policy Creation"}]},{"@type":"WebSite","@id":"https:\/\/pheonixsolutions.com\/blog\/#website","url":"https:\/\/pheonixsolutions.com\/blog\/","name":"Pheonix Solutions","description":"We Empower Your Business Growth","publisher":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/pheonixsolutions.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/pheonixsolutions.com\/blog\/#organization","name":"PheonixSolutions","url":"https:\/\/pheonixsolutions.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/12\/logo.png","contentUrl":"https:\/\/pheonixsolutions.com\/blog\/wp-content\/uploads\/2016\/12\/logo.png","width":454,"height":300,"caption":"PheonixSolutions"},"image":{"@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/PheonixSolutions-209942982759387\/","https:\/\/x.com\/pheonixsolution"]},{"@type":"Person","@id":"https:\/\/pheonixsolutions.com\/blog\/#\/schema\/person\/0ffa33d73c869faec2d50e79c24e3503","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09bacc0294abee1322a23ab4bc6a0330dd4cb4df707dc9d0b0efeba6c109608b?s=96&r=g","caption":"admin"},"sameAs":["http:\/\/blog.pheonixsolutions.com"],"url":"https:\/\/pheonixsolutions.com\/blog\/author\/admin\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p7F4uM-ca","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/comments?post=754"}],"version-history":[{"count":0,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/754\/revisions"}],"wp:attachment":[{"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/media?parent=754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/categories?post=754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pheonixsolutions.com\/blog\/wp-json\/wp\/v2\/tags?post=754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}