Created April 10, 2018 13:41
CyberArk Conjur - Revocation of Privileges via Policy
##########
# CyberArk Conjur Policy permitting access to secrets
##########
---
- !policy
  id: webapp1
  owner: !group devops
  body:
    # Anchor the secret list so the permission statement can reference it
    - &variables
      - !variable database_password
    - !layer
    - !host tomcat_host
    # The host gets its access only through layer membership
    - !grant
      role: !layer
      member: !host tomcat_host
    - !permit
      role: !layer
      privileges: [ read, execute ]
      resource: *variables
##########
# CyberArk Conjur Policy denying access to secrets
# Note: !deny is an explicit revocation. Conjur's append-only load mode (POST)
# rejects it, so load this file in update (PATCH) mode.
##########
---
- !policy
  id: webapp1
  owner: !group devops
  body:
    - &variables
      - !variable database_password
    - !layer
    - !host tomcat_host
    - !grant
      role: !layer
      member: !host tomcat_host
    # Revokes the read and execute privileges the !permit above granted
    - !deny
      role: !layer
      privileges: [ read, execute ]
      resource: *variables
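One way to confirm that the deny policy took effect, as an added example that is not part of the original gist: it asks Conjur's permission-check endpoint (`GET /resources/{account}/{kind}/{id}?check=true`) whether `tomcat_host` still holds each privilege on `database_password`. The server URL, account name and token are placeholders, `webapp1` is assumed to be loaded under the root policy, and 204 is read as "held" and 404 as "not held".

```python
import urllib.error
import urllib.parse
import urllib.request


def check_url(base_url, account, kind, identifier, role, privilege):
    """Build the permission-check URL for one (role, privilege, resource) triple."""
    path = "/resources/{}/{}/{}".format(
        urllib.parse.quote(account, safe=""), kind,
        urllib.parse.quote(identifier, safe=""))
    query = urllib.parse.urlencode(
        {"check": "true", "role": role, "privilege": privilege})
    return base_url.rstrip("/") + path + "?" + query


def http_status(url, token_b64):
    """Default transport: GET with a Conjur access token, return the status code."""
    req = urllib.request.Request(
        url, headers={"Authorization": 'Token token="{}"'.format(token_b64)})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def still_held(base_url, account, token_b64, privileges, transport=http_status):
    """Return the privileges tomcat_host still holds on database_password."""
    role = "{}:host:webapp1/tomcat_host".format(account)  # assumes root-level policy
    held = []
    for priv in privileges:
        url = check_url(base_url, account, "variable",
                        "webapp1/database_password", role, priv)
        status = transport(url, token_b64)
        if status == 204:
            held.append(priv)
        elif status != 404:
            # 401/403/5xx say nothing about the privilege; fail loudly.
            raise RuntimeError("check for {!r} returned HTTP {}".format(priv, status))
    return held


if __name__ == "__main__":
    # Constructed stand-in for a server on which the deny policy is loaded.
    after_deny = lambda url, token: 404
    left = still_held("https://conjur.example.com", "myaccount", "PLACEHOLDER",
                      ["read", "execute"], transport=after_deny)
    print("revocation complete" if not left else "still held: {}".format(left))
```

Run it against the real server by dropping the `transport` argument; the check queries the host rather than the layer, so it reports effective access through any membership path.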