mirror of
https://github.com/argoproj/argo-cd.git
| 1 | # Built-in policy which defines two roles: role:readonly and role:admin, |
|---|---|
| 2 | # and additionally assigns the admin user to the role:admin role. |
| 3 | # There are two policy formats: |
| 4 | # 1. Applications, applicationsets, logs, and exec (which belong to a project): |
| 5 | # p, <role/user/group>, <resource>, <action>, <project>/<object>, <allow/deny> |
| 6 | # 2. All other resources: |
| 7 | # p, <role/user/group>, <resource>, <action>, <object>, <allow/deny> |
| | # Every rule in this file uses wildcards: "*" matches any object and "*/*" any object in any |
| | # project, so neither role is scoped to a project. Every rule is an "allow"; there are no denies. |
| | # |
| | # role:readonly: the "get" action only, on each resource type listed below. |
| | # Note that this includes "logs, get, */*", so a read-only subject can read application |
| | # logs in every project; treat the role as access to whatever workloads write to their logs. |
| 8 | p, role:readonly, applications, get, */*, allow |
| 9 | p, role:readonly, applicationsets, get, */*, allow |
| 10 | p, role:readonly, certificates, get, *, allow |
| 11 | p, role:readonly, clusters, get, *, allow |
| 12 | p, role:readonly, repositories, get, *, allow |
| 13 | p, role:readonly, write-repositories, get, *, allow |
| 14 | p, role:readonly, projects, get, *, allow |
| 15 | p, role:readonly, accounts, get, *, allow |
| 16 | p, role:readonly, gpgkeys, get, *, allow |
| 17 | p, role:readonly, logs, get, */*, allow |
| | # role:admin: the write actions on every resource type, in every project. |
| | # Binding a user or group to this role (or making it the default role) grants everything |
| | # below, including "override" and "exec". |
| | # "update/*" and "delete/*" are the sub-resource forms of update and delete. |
| | # NOTE(review): "override" is understood to let a sync use caller-supplied manifests instead |
| | # of the tracked source, which would bypass source-repository review; confirm against the |
| | # RBAC documentation for this version. |
| 18 | p, role:admin, applications, create, */*, allow |
| 19 | p, role:admin, applications, update, */*, allow |
| 20 | p, role:admin, applications, update/*, */*, allow |
| 21 | p, role:admin, applications, delete, */*, allow |
| 22 | p, role:admin, applications, delete/*, */*, allow |
| 23 | p, role:admin, applications, sync, */*, allow |
| 24 | p, role:admin, applications, override, */*, allow |
| 25 | p, role:admin, applications, action/*, */*, allow |
| | # The "applicationsets, get" rule below duplicates what role:admin already inherits from |
| | # role:readonly through the "g, role:admin, role:readonly" line at the end of this file. |
| 26 | p, role:admin, applicationsets, get, */*, allow |
| 27 | p, role:admin, applicationsets, create, */*, allow |
| 28 | p, role:admin, applicationsets, update, */*, allow |
| 29 | p, role:admin, applicationsets, delete, */*, allow |
| 30 | p, role:admin, certificates, create, *, allow |
| 31 | p, role:admin, certificates, update, *, allow |
| 32 | p, role:admin, certificates, delete, *, allow |
| 33 | p, role:admin, clusters, create, *, allow |
| 34 | p, role:admin, clusters, update, *, allow |
| 35 | p, role:admin, clusters, delete, *, allow |
| 36 | p, role:admin, repositories, create, *, allow |
| 37 | p, role:admin, repositories, update, *, allow |
| 38 | p, role:admin, repositories, delete, *, allow |
| 39 | p, role:admin, write-repositories, create, *, allow |
| 40 | p, role:admin, write-repositories, update, *, allow |
| 41 | p, role:admin, write-repositories, delete, *, allow |
| 42 | p, role:admin, projects, create, *, allow |
| 43 | p, role:admin, projects, update, *, allow |
| 44 | p, role:admin, projects, delete, *, allow |
| | # accounts: only "update" is granted here; "get" comes from role:readonly. |
| 45 | p, role:admin, accounts, update, *, allow |
| | # gpgkeys: create and delete only; no "update" rule is defined for this resource. |
| 46 | p, role:admin, gpgkeys, create, *, allow |
| 47 | p, role:admin, gpgkeys, delete, *, allow |
| | # exec, create: permission to open a terminal session in application pods, in any project. |
| | # NOTE(review): the terminal feature is expected to be gated separately by the server setting |
| | # exec.enabled in argocd-cm; confirm it is off unless it is actually needed. |
| 48 | p, role:admin, exec, create, */*, allow |
| | # "g" lines bind a subject to a role. The first makes role:admin inherit every permission |
| | # of role:readonly; the second makes the user named "admin" a member of role:admin. |
| 49 | g, role:admin, role:readonly |
| 50 | g, admin, role:admin |