Skip to content

Commit 693d84d

Browse files
fdevansfdevans
committed
Update authorization.md
1 parent 82f0bc4 commit 693d84d

File tree

1 file changed

+16
-11
lines changed

1 file changed

+16
-11
lines changed

docs/administration/security/authorization.md

Lines changed: 16 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -231,8 +231,12 @@ actions you can restrict in the application scope:
231231
| " | " | none | `install` | Install plugins |
232232
| " | " | none | `uninstall` | Uninstall plugins |
233233
| " | " | none | `admin` | Full access |
234-
| " | `runner` | none | `read` | Read Access to Runners |
235-
| " | " | none | `admin` | Full access to manage Runners |
234+
| " | `runner` | none | `read` | Read Runner setup/configuration details |
235+
| " | " |none | `create` | Create new Runner entries |
236+
| " | " |none | `update` | Update existing Runner entries |
237+
| " | " |none | `delete` | Delete Runner entries |
238+
| | " |none | `ping` | Execute the ping command to check Runner status |
239+
| " | " |none | `regenerate_credentials` | Regenerate a new credential package for a Runner|
236240

237241
Table: Application scope generic type actions
238242

@@ -257,15 +261,6 @@ Table: Application scope generic type actions
257261
| " | " | `read` | Read files and list directories in the storage facility |
258262
| " | " | `delete` | Delete files in the storage facility |
259263
| `apitoken` | "username","roles" | `create` | Create an API Token with specified roles or username |
260-
| `runner` | "username","roles" | `read` | Read Runner setup/configuration details |
261-
| " | " | `create` | Create new Runner entries |
262-
| " | " | `update` | Update existing Runner entries |
263-
| " | " | `delete` | Delete Runner entries |
264-
| " | " | `ping` | Execute the ping command to check Runner status |
265-
| " | " | `regenerate_credentials`| Regenerate a new credential package for a Runner |
266-
267-
268-
269264

270265
---
271266

@@ -392,6 +387,12 @@ actions you can restrict in the project scope:
392387
| " | " | `update` | Update access |
393388
| " | " | `delete` | Delete access |
394389
| " | " | `post` | Post to webhook access |
390+
| " | `runner` | `read` | Read Runner setup/configuration details |
391+
| " | " | `create` | Create new Runner entries |
392+
| " | " | `update` | Update existing Runner entries |
393+
| " | " | `delete` | Delete Runner entries |
394+
| | " | `ping` | Execute the ping command to check Runner status |
395+
| " | " | `regenerate_credentials` | Regenerate a new credential package for a Runner|
395396

396397
Type Properties Actions Description
397398

@@ -419,6 +420,7 @@ Type Properties Actions Description
419420
| " | | `view_history` | View job executions history |
420421
| `node` | "rundeck_server", "nodename", ... | `read` | View the node in the UI (see [Node resource properties](#node-resource-properties)) |
421422
| " | | `run` | Run jobs/adhoc on the node |
423+
| `runner` | "project", "id" | `read` | Read Runner Listing |
422424

423425

424426
_Note_: see [Node resource properties](#node-resource-properties) for more node resource properties for authorization.
@@ -430,6 +432,9 @@ _Note_: `runAs` and `killAs` actions only apply to certain API endpoints, and al
430432
_Note_:
431433
Job deletion requires allowing the 'delete' action both at the generic type and specific resource levels.
432434

435+
_Note_:
436+
`runner` properties "project" is looking for a project name, and "id" is for the Runner's ID.
437+
433438
Recall that defining rules for a generic resource type is done in this way:
434439

435440
```yaml

0 commit comments

Comments
 (0)