@ericrdgz
Created July 19, 2017 01:53
/etc/rundeck/rundeckusers.aclpolicy
description: Admin project level access control. Applies to resources within a specific project.
context:
  project: '.*' # all projects
for:
  resource:
    - equals:
        kind: job
      allow: [create] # allow create jobs
    - equals:
        kind: node
      allow: [read,create,update,refresh] # allow refresh node sources
    - equals:
        kind: event
      allow: [read,create] # allow read/create events
  adhoc:
    - allow: [read,run,runAs,kill,killAs] # allow running/killing adhoc jobs
  job:
    - allow: [create,read,update,delete,run,runAs,kill,killAs] # allow create/read/write/delete/run/kill of all jobs
  node:
    - allow: [read,run] # allow read/run for nodes
by:
  group: [rundeckusers]
---
description: Admin Application level access control, applies to creating/deleting projects, admin of user profiles, viewing projects and reading system information.
context:
  application: 'rundeck'
for:
  resource:
    - equals:
        kind: project
      allow: [create] # allow create of projects
    - equals:
        kind: system
      allow: [read] # allow read of system info
    - equals:
        kind: user
      allow: [admin] # allow modify user profiles
  project:
    - match:
        name: '.*'
      allow: [read,import,export,configure,delete] # allow full access of all projects or use 'admin'
  storage:
    - allow: [read,create,update,delete] # allow access for /ssh-key/* storage content
by:
  group: [rundeckusers]