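1. Log in to the Rundeck system at http://rundeck.com:4440/user/login (use the URL of your own system)
2. Permission settings: click Access Control
3. Create a policy
4. Policy content template
Note: for an explanation of each field below, see the official documentation: http://rundeck.org/docs/administration/access-control-policy.html
The user hyh01 was created with the command-line tool; see: http://blog.51cto.com/haoyonghui/2085869
Access control configuration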
```yaml
description: hyh01 project access control
context: # policy scope: project or application. An application-level policy controls rules for all projects plus system-level permissions; a project policy controls rules for resources inside a project
  project: '.*' # project name regex this policy applies to; '.*' matches every project (use 'app01' to scope it to project app01)
for: # resource types under for: job, node, adhoc, project, resource
  resource:
    - match: # matching modes: match (list or string), equals (string), contains (list or string), subset (list of strings)
        kind: job
      allow: [create] # allow creating jobs; valid options: create/delete
    - equals:
        kind: node
      allow: [read,create,update,refresh] # allow refreshing node sources
    - equals:
        kind: event # read shows the history of executed commands
      allow: [read,create] # allow read/create of events
  adhoc: # policy for ad hoc commands
    - allow: [read,run] # allow reading/running ad hoc commands
  job:
    - match:
        name: 'check'
      allow: [read,create,delete,run] # the resource rules above only take effect when this rule is satisfied
    #- allow: [create,run,read,update,delete,runAs,kill,killAs] # allow create/read/write/delete/run/kill of all jobs
  node:
    - match:
        nodename: 'rundeck' # matches the node; if no node matches, job execution fails
      allow: [read,run]
    #- allow: [read,run] # allow read/run for all nodes
by:
  username: 'hyh01'
---
description: hyh01 application access control
context:
  application: 'rundeck'
for:
  resource:
    - equals:
        kind: project
      allow: [create] # allow creating projects
    - equals:
        kind: system
      allow: [read,enable_executions,disable_executions,admin] # allow reading system info and enabling/disabling all executions
    - equals:
        kind: system_acl
      allow: [read,create,update,delete,admin] # allow modifying system ACL files
    - equals:
        kind: user
      allow: [admin] # allow modifying user profiles
  project:
    - match:
        name: 'test|app01'
      allow: [read,import] # allow read/import on projects test and app01 (use 'admin' for full access)
  project_acl:
    - match:
        name: 'test|app01'
      allow: [read,create] # allow reading/creating project-specific ACL files
  storage:
    - allow: [create,update,delete] # allow create/update/delete of key storage content (no match clause, so all storage paths)
by:
  group: hyh01
```
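The template above applies to every project (`project: '.*'`) and gives group hyh01 `admin` on `system`, `system_acl` and `user`, which is enough to rewrite the ACL files themselves. The following least-privilege variant is an added example, not part of the original post: it assumes hyh01 only needs to run the existing `check` job in project `app01`, and the storage path `keys/app01/.*` is a hypothetical location for that project's keys.

```yaml
# Added example: least-privilege variant of the template (assumptions noted inline)
description: hyh01 project access, limited to app01
context:
  project: 'app01'          # only project app01, not '.*'
for:
  resource:
    - equals:
        kind: node
      allow: [read]         # see nodes; no create/update/refresh of node sources
    - equals:
        kind: event
      allow: [read]         # view execution history only
  # no adhoc section: ad hoc commands are not granted
  job:
    - match:
        name: 'check'
      allow: [read,run]     # run the existing job; no create/delete
  node:
    - match:
        nodename: 'rundeck'
      allow: [read,run]
by:
  username: 'hyh01'
---
description: hyh01 application access, read-only on app01
context:
  application: 'rundeck'
for:
  # no resource section: no project creation, no system, system_acl or user grants
  project:
    - match:
        name: 'app01'
      allow: [read]         # needed to see the project at all
  # no project_acl section: the user cannot add ACL files to the project
  storage:
    - match:
        path: 'keys/app01/.*'   # hypothetical key path for this project
      allow: [read]             # read keys for node authentication; no create/update/delete
by:
  username: 'hyh01'
```

Anything not explicitly allowed is denied, so removing a section is how a permission is revoked.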