* Update gitops abac with view and product

  Added view action and product attribute permissions to apps

* Update gitops-abac.md

* Update gitops-abac

  Commented out product attribute for applications as not shown in UI
|**Actions** | {::nomarkdown}<ul><li><b>Refresh</b>: Allow users to manually regular refresh or hard refresh. The Refresh action is automatically disabled on selecting the Sync action which takes precedence. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#refreshhard-refresh-argo-cd-applications">Refresh/Hard Refresh applications</a>.</li><li><b>Sync</b>: Allow users to manually sync an application on-demand, and define the options for manual sync.<br>Selecting Sync automatically disables the Refresh action as Sync takes precedence over it. <br> See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manually-sync-an-argo-cd-application">Manually synchronize an application</a>.</li><li><b>Terminate Sync</b>: Allow users to manually stop an ongoing sync for an application. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#terminate-on-going-sync-for-argo-cd-applications">Terminate on-going application sync</a></li><li><b>Perform application rollback</b>: Allow users to rollback the current release of an application to a previous deployment version or release in Codefresh. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#rollback-argo-cd-applications">Rollback Argo CD applications</a>.</li><li><b>View pod logs</b>: Allow users to view logs for pod resources of an application in the Current State tab. <br>See <a href="https://codefresh.io/docs/docs/deployments/gitops/monitor-applications/#manifests-logs-and-events-for-application-resources">Logs for application resources</a>.</li><li><b>Pause rollout</b> and <b>Resume rollout</b>: Allow users to pause an ongoing rollout and resume a paused rollout either directly from the Timeline tab of the application, or through the controls in the Rollout Player. 
<br>See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#pauseresume-ongoing-rollouts">Pause/resume ongoing rollouts</a> and <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manage-an-ongoing-rollout-with-the-rollout-player">Managing an ongoing rollout with the Rollout Player</a>.</li><li><b>Promote full rollout</b>: Allow users to use the Promote Full button in the Rollout Player to skip the remaining steps in the rollout and promote to deployment. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manage-an-ongoing-rollout-with-the-rollout-player">Managing an ongoing rollout with the Rollout Player</a>.</li><li><b>Skip current step in rollout</b>: Allow users to use the Skip Step button in the Rollout Player to skip executing the current step in the rollout. <br>See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manage-an-ongoing-rollout-with-the-rollout-player">Managing an ongoing rollout with the Rollout Player</a>.</li><li><b>Abort rollout</b>: Allow users to use the Abort button in the Rollout Player to terminate the current rollout. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manage-an-ongoing-rollout-with-the-rollout-player">Managing an ongoing rollout with the Rollout Player</a>.</li><li><b>Retry rollout</b>: Allow users to use the Retry button in the Rollout Player to restart an aborted rollout from the beginning. Available only when a rollout was aborted. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manage-an-ongoing-rollout-with-the-rollout-player">Managing an ongoing rollout with the Rollout Player</a>.</li><li><b>Delete resource</b>: Allow users to delete an application resource from the Current State tab. 
See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#delete-argo-cd-applications">Delete an application</a>.</li></ul>{:/} |
83
-
|**Attributes** |Allow access to application entities on a cluster or within a namespace through a single attribute or a combination of attributes.<br>You can also add multiple instances of the same attribute with different values. {::nomarkdown} <ul><li><b>Cluster</b>: Allow access to all application entities in the cluster, regardless of the namespace, Runtime, and Git Sources of specific applications.</li><li><b>Namespace</b>: Allow access to application entities only within the namespace. If users have multiple accounts on different clusters with the same namespace, they can access applications in all those namespaces.</li><li><b>Runtime</b>: Allow access to application entities associated with the defined Runtime.</li><li><b>Git Source</b>: Allow access to application entities only in the defined Git Source. A Git Source is always associated with a Runtime.</li><li><b>Label</b>: Allow access only to application entities that share the same label. For example, add multiple Label attributes with different values to sync application entities.</li></ul>{:/} |
82
+
|**Actions** | {::nomarkdown}<ul><li><b>View</b>: Allow users to view applications in the GitOps Apps, Products, and Environments dashboards.<br>Navigating to a restricted application in any dashboard displays a no application found error. </li><li><b>Refresh</b>: Allow users to manually regular refresh or hard refresh. The Refresh action is automatically disabled on selecting the Sync action which takes precedence. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#refreshhard-refresh-applications">Refresh/Hard Refresh applications</a>.</li><li><b>Sync</b>: Allow users to manually sync an application on-demand, and define the options for manual sync.<br>Selecting Sync automatically disables the Refresh action as Sync takes precedence over it. <br> See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manually-synchronize-an-application">Manually synchronize an application</a>.</li><li><b>Terminate Sync</b>: Allow users to manually stop an ongoing sync for an application. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#terminate-on-going-application-sync">Terminate on-going application sync</a></li><li><b>Perform application rollback</b>: Allow users to rollback the current release of an application to a previous deployment version or release in Codefresh. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#rollback-argo-cd-applications">Rollback Argo CD applications</a>.</li><li><b>View pod logs</b>: Allow users to view logs for pod resources of an application in the Current State tab. 
<br>See <a href="https://codefresh.io/docs/docs/deployments/gitops/applications-dashboard/#logs-for-application-resources">Logs for application resources</a>.</li><li><b>Pause rollout</b> and <b>Resume rollout</b>: Allow users to pause an ongoing rollout and resume a paused rollout either directly from the Timeline tab of the application, or through the controls in the Rollout Player. <br>See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#pauseresume-ongoing-rollouts">Pause/resume ongoing rollouts</a> and <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manage-an-ongoing-rollout-with-the-rollout-player">Managing an ongoing rollout with the Rollout Player</a>.</li><li><b>Promote full rollout</b>: Allow users to use the Promote Full button in the Rollout Player to skip the remaining steps in the rollout and promote to deployment. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manage-an-ongoing-rollout-with-the-rollout-player">Managing an ongoing rollout with the Rollout Player</a>.</li><li><b>Skip current step in rollout</b>: Allow users to use the Skip Step button in the Rollout Player to skip executing the current step in the rollout. <br>See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manage-an-ongoing-rollout-with-the-rollout-player">Managing an ongoing rollout with the Rollout Player</a>.</li><li><b>Abort rollout</b>: Allow users to use the Abort button in the Rollout Player to terminate the current rollout. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manage-an-ongoing-rollout-with-the-rollout-player">Managing an ongoing rollout with the Rollout Player</a>.</li><li><b>Retry rollout</b>: Allow users to use the Retry button in the Rollout Player to restart an aborted rollout from the beginning. Available only when a rollout was aborted. 
See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#manage-an-ongoing-rollout-with-the-rollout-player">Managing an ongoing rollout with the Rollout Player</a>.</li><li><b>Delete resource</b>: Allow users to delete an application resource from the Current State tab. See <a href="https://codefresh.io/docs/docs/deployments/gitops/manage-application/#delete-an-application">Delete an application</a>.</li></ul>{:/} |
83
+
|**Attributes** |Allow access to application entities on a cluster or within a namespace through a single attribute or a combination of attributes.<br>You can also add multiple instances of the same attribute with different values. {::nomarkdown} <ul><li><b>Cluster</b>: Allow access to all application entities in the cluster, regardless of the namespace, Runtime, and Git Sources of specific applications.</li><li><b>Namespace</b>: Allow access to application entities only within the namespace. If users have multiple accounts on different clusters with the same namespace, they can access applications in all those namespaces.</li><li><b>Runtime</b>: Allow access to application entities associated with the defined Runtime.</li><li><b>Git Source</b>: Allow access to application entities only in the defined Git Source. A Git Source is always associated with a Runtime.</li><li><b>Label</b>: Allow access only to application entities that share the same label. For example, add multiple Label attributes with different values to sync application entities.</li><!---<li><b>Product</b>: Allow access to application entities associated with the product. For details on associating applications with products, see <a href="https://codefresh.io/docs/docs/products/assign-applications/">Assigning applications to products</a>.</li>--></ul>{:/} |
84
+
84
85
85
86
###Examples of rules for application entities
86
87
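Review bot: The new View item in the Actions row does not say how it relates to the other actions, so a reader cannot tell whether a rule that grants Sync or Delete resource without View is usable, or whether rules written before View existed still let users see their applications. Add a sentence stating whether View is a prerequisite for the other actions and what existing rules get by default. Two smaller points on the same lines: most link anchors were renamed away from the "argo-cd" form (for example `#delete-an-application`), but Perform application rollback still points at `#rollback-argo-cd-applications`, so confirm each target exists; and the Product item in the Attributes row is hidden with `<!---` inside the `{::nomarkdown}` block, which stays in the rendered page source, so removing the item until the UI exposes it would be cleaner than commenting it out.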
@@ -115,6 +116,16 @@ This rule grants the Support team permission to manually sync application entiti
115
116
*`Namespace: poc`
116
117
*`Label: customer=AcmePoc`
117
118
119
+
####Rule: Product-based access to application
120
+
This rule grants the Quality team permission to all actions on application entities associated with a specific product within a specific namespace.
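Review bot: The added "Rule: Product-based access to application" example depends on a Product attribute that the same commit leaves commented out in the Attributes row as "not shown in UI", so readers are given a rule they cannot find in the attribute table or reproduce. Either hold this example back until the Product attribute is documented, or restore the attribute description alongside it. Since "all actions" now includes the new View action as well as Delete resource, the description could also name the actions granted, so the scope given to the Quality team is explicit. The heading would read better as "Product-based access to applications".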