Created
April 10, 2018 14:16
-
-
Save infamousjoeg/ff5c5e9af0a2d09bba88f46fd98cea36 to your computer and use it in GitHub Desktop.
CyberArk Conjur - Role-Based Access Control (RBAC) Policy Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
######## | |
# USERS POLICY EXAMPLE | |
######## | |
--- | |
- !user ted # no group | |
- !user carol # developer | |
- !user bob # devops | |
- !user alice # sec_ops | |
- !group developers | |
- !group devops | |
- !group sec_ops | |
# Grant the less-powerful groups to the more-powerful groups | |
- !grant | |
role: !group developers | |
member: !group devops | |
- !grant | |
role: !group devops | |
member: !group sec_ops | |
# Grant group roles to users | |
- !grant | |
role: !group developers | |
members: | |
- !user carol | |
- !grant | |
role: !group devops | |
members: | |
- !user bob | |
- !grant | |
role: !group sec_ops | |
members: | |
- !user alice | |
######## | |
# APP ENTITLEMENTS EXAMPLE | |
######## | |
--- | |
# Internal Docker registry grants | |
- !grant | |
role: !group ci/registry/secrets-users | |
members: | |
- !group operations | |
- !grant | |
role: !group ci/registry/pushers | |
members: | |
- !layer ci/jenkins/executors | |
- !layer ci/jenkins/releasers | |
- !grant | |
role: !group ci/registry/pullers | |
members: | |
- !group developers | |
- !group operations | |
- !group field | |
- !layer ci/jenkins/executors | |
- !layer ci/jenkins/releasers |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment