Skip to main content

Permissions

Permission declarations validate that the user applying the policy has the required privileges to successfully run the policy. The declarations must include the privileges required to retrieve the data as well as the privileges required to run the policy actions. Permission declarations are not required to apply the policy or run the policy actions. However, they are recommended. The user’s privileges are verified against the permission declarations when they attempt to apply the policy.

Each permission declaration can list multiple required privileges. The set is defined by providing a list of resource types and a list of actions that the policy needs to perform on these resources:

permission do 
   label "List Instances" 
   resources "rs_cm.instances" 
   actions "rs_cm.index" 
end 
 
permission do 
   label "List and delete servers and instances" 
   resources "rs_cm.servers", "rs_cm.instances" 
   actions "rs_cm.index", "rs_cm.destroy" 
end 
permission do 
   label "List Instances" 
   resources "rs_cm.instances" 
   actions "rs_cm.index" 
end 
 
permission do 
   label "List and delete servers and instances" 
   resources "rs_cm.servers", "rs_cm.instances" 
   actions "rs_cm.index", "rs_cm.destroy" 
end