Red Hat SummitThis documentation is for a release that is no longer maintained
See documentation for the latest supported version.Este contenido no está disponible en el idioma seleccionado.
Chapter 7. Permission policies reference
Permission policies in Red Hat Developer Hub are a set of rules to govern access to resources or functionalities. These policies state the authorization level that is granted to users based on their roles. The permission policies are implemented to maintain security and confidentiality within a given environment.
You can define the following types of permissions in Developer Hub:
- resource type
- basic
The distinction between the two permission types depend on whether a permission includes a defined resource type.
You can define the resource type permission using either the associated resource type or the permission name as shown in the following example:
Example resource type permission definition
p, role:default/myrole, catalog.entity.read, read, allow g, user:default/myuser, role:default/myrole p, role:default/another-role, catalog-entity, read, allow g, user:default/another-user, role:default/another-role
p, role:default/myrole, catalog.entity.read, read, allow
g, user:default/myuser, role:default/myrole
p, role:default/another-role, catalog-entity, read, allow
g, user:default/another-user, role:default/another-roleYou can define the basic permission in Developer Hub using the permission name as shown in the following example:
Example basic permission definition
p, role:default/myrole, catalog.entity.create, create, allow g, user:default/myuser, role:default/myrole
p, role:default/myrole, catalog.entity.create, create, allow
g, user:default/myuser, role:default/myroleDeveloper Hub supports following permission policies:
- Catalog permissions
- .Catalog permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
|
| Allows a user or role to read from the catalog |
|
|
| Allows a user or role to create catalog entities, including registering an existing component in the catalog | |
|
|
|
| Allows a user or role to refresh a single or multiple entities from the catalog |
|
|
|
| Allows a user or role to delete a single or multiple entities from the catalog |
|
|
| Allows a user or role to read a single or multiple locations from the catalog | |
|
|
| Allows a user or role to create locations within the catalog | |
|
|
| Allows a user or role to delete locations from the catalog |
- Bulk import permission
- .Bulk import permission
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
|
| Allows the user to access the bulk import endpoints, such as listing all repositories and organizations accessible by all GitHub integrations and managing the import requests |
- Scaffolder permissions
- .Scaffolder permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
|
| Allows the execution of an action from a template |
|
|
|
| Allows a user or role to read a single or multiple one parameters from a template |
|
|
|
| Allows a user or role to read a single or multiple steps from a template |
|
|
| Allows a user or role to trigger software templates which create new scaffolder tasks | |
|
|
| Allows a user or role to cancel currently running scaffolder tasks | |
|
|
| Allows a user or role to read all scaffolder tasks and their associated events and logs |
- RBAC permissions
- .RBAC permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
|
| Allows a user or role to read permission policies and roles |
|
|
|
| Allows a user or role to create a single or multiple permission policies and roles |
|
|
|
| Allows a user or role to update a single or multiple permission policies and roles |
|
|
|
| Allows a user or role to delete a single or multiple permission policies and roles |
- Kubernetes permissions
- .Kubernetes permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
| Allows a user or role to access the proxy endpoint |
- OCM permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
| Allows a user or role to read from the OCM plugin | |
|
|
| Allows a user or role to read the cluster information in the OCM plugin |
- Topology permissions
- .Topology permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
| Allows a user or role to view the topology plugin | |
|
|
| Allows a user or role to access the proxy endpoint, allowing the user or role to read pod logs and events within RHDH |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}