Created
December 3, 2010 19:02
-
-
Save ahonor/727374 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Troubleshooting access control policy | |
| After defining an aclpolicy file to grant access to a particular group | |
| of users, you may find them getting "unauthorized" messages or | |
| complaints that certain actions are not possible. | |
| To trouble shoot this, begin by checking two bits: | |
| 1. The user's group membership. This can be done by going to the | |
| user's profile page in RunDeck. That page will list the groups the | |
| user is a member. | |
| 2. Read the messages inside the `rundeck.audit.log` log file. The | |
| authorization facility generates fairly low level messages describing | |
| how the policy is matched to the user context. | |
| If you don't see any output in the audit log for a user's action and | |
| they are able to login, then make sure [role mapping](#role-mapping) | |
| is set correctly. | |
| Once the user role mappings are defined correctly ask the user to | |
| login again and attempt accessing their jobs. You should watch the | |
| steam of messages flowing through the audit log. | |
| For each entry, you'll see all decisions leading up to either a | |
| AUTHORIZED or a REJECTED message. It's not uncommon to see REJECTED | |
| messages followed by AUTHORIZED. The important thing is to look at | |
| the last decision made. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment