Hello! I'm sure I'm missing something simple, but I'm trying to lock down access to certain tasks. We'll have some temporary users accessing our system and I want to control what they can and can't do. I get the whole allow/deny and I'm hoping that the View/Administer will be flexible enough to let me limit what users can do to pipelines, but my initial test goal is to have a working permissions set that does anything with pipelines.
when I set a system administrator everyone gets their permissions dropped as expected. But once I start adding them to a role containing a policy that says for example Allow - Administer - Environments - *, I get the ability as that user to see all environments but I can't see pipelines in those environments. Setting Allow - Administer - All - * also doesn't let me see pipelines. How can I use roles/policies to give users permissions to basic items in the system such as: I want a user to be able to run pipelines containing a certain wildcarded name filter or I want them to be able to view all but only execute certain environments, say only pipelines assigned in the environment labeled TEST. The documentation doesn't give specific cases that are helpful in this case. For example it says that Admnister on UI gives list, create, update, delete, agent status and elastic profiles usage but the closes I can see in the policy is the allow administer * * which doesn't let my user see any pipelines. I'm running 22.3 with LDAP as my authentication provider if that helps/affects anything. Any tips on how to get permissions set up to filter what can and can't be accessed by non-systemadmins? Thanks! -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/1582fc8d-5b93-4fa9-b098-9453b78e33ean%40googlegroups.com.
