rundeck权限设置

本文环境centos7,Rundeck 3.0.7
目标设置权限，使用户（开发人员）只读权限可以浏览服务上的文件
直接贴配置文件
cd /etc/rundeck/
vim realm.properties #用户文件

admin:*****,user,admin,architect,deploy,build #默认的admin用户
hz_read:123456,user,architect,deploy,build #重新添加的只读用户

vim user.aclpolicy #参考admin.aclpolicy，自定义为user.aclpolicy

description: user.
context:
 project: 'php_read'  这里是rundeck里面的项目名称
for:
  resource:
    - allow: '*' # allow read/create all kinds
  adhoc:
    - allow: '*' # allow read/running/killing adhoc jobs
  job:
    - allow: '*' # allow read/write/delete/run/kill of all jobs
  node:
    - allow: '*' # allow read/run for all nodes
by:
  group: user

---

description: user
context:
  application: 'rundeck'
for:
  resource:
    - allow: 'read' # allow create of projects
  project:
    - allow: 'read' # allow view/admin of all projects
  project_acl:
    - allow: 'read' # allow user of all project-level ACL policies
  storage:
    - allow: 'read' # allow read/create/update/delete for all /keys/* storage content
by:
  username: 'hz_read' #指定刚新建的用户
  group: 'user'