Este conteúdo não está disponível no idioma selecionado.
Chapter 6. Permission policies reference
Permission policies in Red Hat Developer Hub are a set of rules to govern access to resources or functionalities. These policies state the authorization level that is granted to users based on their roles. The permission policies are implemented to maintain security and confidentiality within a given environment.
You can define the following types of permissions in Developer Hub:
- resource type
- basic
The distinction between the two permission types depend on whether a permission includes a defined resource type.
You can define the resource type permission using either the associated resource type or the permission name as shown in the following example:
Example resource type permission definition
p, role:default/myrole, catalog.entity.read, read, allow g, user:default/myuser, role:default/myrole p, role:default/another-role, catalog-entity, read, allow g, user:default/another-user, role:default/another-role
You can define the basic permission in Developer Hub using the permission name as shown in the following example:
Example basic permission definition
p, role:default/myrole, catalog.entity.create, create, allow g, user:default/myuser, role:default/myrole
Developer Hub supports following permission policies:
- Catalog permissions
- .Catalog permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
|
| Allows user or role to read from the catalog |
|
|
| Allows user or role to create catalog entities, including registering an existing component in the catalog | |
|
|
|
| Allows user or role to refresh a single or multiple entities from the catalog |
|
|
|
| Allows user or role to delete a single or multiple entities from the catalog |
|
|
| Allows user or role to read a single or multiple locations from the catalog | |
|
|
| Allows user or role to create locations within the catalog | |
|
|
| Allows user or role to delete locations from the catalog |
- Bulk import permissions
- .Bulk import permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
|
| Allows the user to access the bulk import endpoints, such as listing all repositories and organizations accessible by all GitHub integrations and managing the import requests. |
- Scaffolder permissions
- .Scaffolder permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
|
| Allows the execution of an action from a template |
|
|
|
| Allows user or role to read a single or multiple one parameters from a template |
|
|
|
| Allows user or role to read a single or multiple steps from a template |
|
|
| Allows the user or role to trigger software templates which create new scaffolder tasks | |
|
|
| Allows the user or role to cancel currently running scaffolder tasks | |
|
|
| Allows user or role to read all scaffolder tasks and their associated events and logs |
- RBAC permissions
- .RBAC permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
|
| Allows user or role to read permission policies and roles |
|
|
|
| Allows user or role to create a single or multiple permission policies and roles |
|
|
|
| Allows user or role to update a single or multiple permission policies and roles |
|
|
|
| Allows user or role to delete a single or multiple permission policies and roles |
- Kubernetes permissions
- .Kubernetes permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
| Allows user or role to access the proxy endpoint |
- OCM permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
| Allows user or role to read from the OCM plugin | |
|
|
| Allows user or role to read the cluster information in the OCM plugin |
- Topology permissions
- .Topology permissions
| Name | Resource type | Policy | Description |
|---|---|---|---|
|
|
| Allows user or role to view the topology plugin | |
|
|
| Allows user or role to access the proxy endpoint, allowing them to read pod logs and events within RHDH |
