@infamousjoeg
Created April 10, 2018 14:16
CyberArk Conjur - Role-Based Access Control (RBAC) Policy Example
########
# USERS POLICY EXAMPLE
########
---
- !user ted # no group
- !user carol # developer
- !user bob # devops
- !user alice # sec_ops
- !group developers
- !group devops
- !group sec_ops
# Grant the less-powerful groups to the more-powerful groups
- !grant
  role: !group developers
  member: !group devops
- !grant
  role: !group devops
  member: !group sec_ops
# Grant group roles to users
- !grant
  role: !group developers
  members:
    - !user carol
- !grant
  role: !group devops
  members:
    - !user bob
- !grant
  role: !group sec_ops
  members:
    - !user alice
########
# APP ENTITLEMENTS EXAMPLE
########
---
# Internal Docker registry grants
- !grant
  role: !group ci/registry/secrets-users
  members:
    - !group operations
- !grant
  role: !group ci/registry/pushers
  members:
    - !layer ci/jenkins/executors
    - !layer ci/jenkins/releasers
- !grant
  role: !group ci/registry/pullers
  members:
    - !group developers
    - !group operations
    - !group field
    - !layer ci/jenkins/executors
    - !layer ci/jenkins/releasers
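
The users policy grants developers to devops and devops to sec_ops, so each user's effective roles are the transitive closure of those grants. The script below resolves that closure for review purposes; it is an added example, not part of the original gist or of Conjur, and `parse_grants` and `effective_roles` are hypothetical helpers with a simplified line-based parser that handles only the grant shapes shown on this page.

```python
import re
# Constructed input: the !grant statements of the users policy above.
POLICY = """\
- !grant
  role: !group developers
  member: !group devops
- !grant
  role: !group devops
  member: !group sec_ops
- !grant
  role: !group developers
  members:
    - !user carol
- !grant
  role: !group devops
  members:
    - !user bob
- !grant
  role: !group sec_ops
  members:
    - !user alice
"""
REF = re.compile(r"!(user|group|layer|host)\s+(\S+)")

def parse_grants(text):
    """Map each member to the roles granted to it directly.
    Assumption: simplified parser, not a full YAML or Conjur policy loader."""
    direct, role = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        m = REF.search(line)
        if line.startswith("role:") and m:
            role = m.groups()                   # (kind, name) being granted
        elif line.startswith("- !grant"):
            role = None                         # a new statement starts
        elif m and role:
            direct.setdefault(m.groups(), set()).add(role)
    return direct

def effective_roles(direct, member):
    """Every role the member holds, directly or through inherited grants."""
    seen, stack = set(), [member]
    while stack:                                # 'seen' also guards against cycles
        new = direct.get(stack.pop(), set()) - seen
        seen |= new
        stack.extend(new)
    return seen

if __name__ == "__main__":
    for user in ("ted", "carol", "bob", "alice"):
        print(user, sorted(n for _, n in effective_roles(parse_grants(POLICY), ("user", user))))
```
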