FAQ
Hi I havent seen anything in the docs relating to controlling role based
access. Is it possible to assign various groups or users different access
permissions to Salt, for example LinuxAdmins have access to deploy only
Linux applications to linux software, WindowsAdmins only have access to
Windows minions, etc etc.

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

  • Elias Probst at Dec 23, 2014 at 4:30 pm

    On 12/23/2014 05:12 PM, mike r wrote:
    Is it possible to assign various groups or users different access
    permissions to Salt
    Use ACLs for this:
    http://docs.saltstack.com/en/latest/topics/eauth/index.html
    http://docs.saltstack.com/en/latest/topics/eauth/access_control.html


    --
    You received this message because you are subscribed to the Google Groups "Salt-users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Mike r at Dec 23, 2014 at 4:41 pm
    great, thanks will read thru this!
    On Tuesday, December 23, 2014 11:12:58 AM UTC-5, mike r wrote:

    Hi I havent seen anything in the docs relating to controlling role based
    access. Is it possible to assign various groups or users different access
    permissions to Salt, for example LinuxAdmins have access to deploy only
    Linux applications to linux software, WindowsAdmins only have access to
    Windows minions, etc etc.
    --
    You received this message because you are subscribed to the Google Groups "Salt-users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Jmacfar at Dec 31, 2014 at 5:07 pm
    I'll hijack this thread a bit first rather than open my own.

    How far can this be taken? Linux v Windows is clearly defined. But what
    about when you add in a Deployment team under each OS? I may not
    necessarily want them to be able to add/remove apache or delete
    /etc/passwd, etc. If the deployment team has write access to a configured
    gitfs repo, is there a good method to limit this sort of behavior? Ability
    to force salt formulas to run as defined users? Or demand that contents of
    certain gitfs repos can only be run as a certain user?

    Of course, this would break a lot of prereq's (without other dev work) that
    require root (pkg:, user:, etc) if they are defined in that formula. Maybe
    a concept of calling a formula from a specific gitfs repo that can run as
    root/other priv user?


    On Tuesday, December 23, 2014 10:41:27 AM UTC-6, mike r wrote:

    great, thanks will read thru this!
    On Tuesday, December 23, 2014 11:12:58 AM UTC-5, mike r wrote:

    Hi I havent seen anything in the docs relating to controlling role based
    access. Is it possible to assign various groups or users different access
    permissions to Salt, for example LinuxAdmins have access to deploy only
    Linux applications to linux software, WindowsAdmins only have access to
    Windows minions, etc etc.
    --
    You received this message because you are subscribed to the Google Groups "Salt-users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupsalt-users @
postedDec 23, '14 at 4:12p
activeDec 31, '14 at 5:07p
posts4
users3

3 users in discussion

Mike r: 2 posts Jmacfar: 1 post Elias Probst: 1 post

People

Translate

site design / logo © 2022 Grokbase