RBAC - Limit Users to Just Poweron and Poweroff IPMI Controls
This article describes how to create a limited role with claims (rights) to only poweron and poweroff Machines. This example can be used as the foundating to understand how to add additional Roles with different Claims capabilities.
Solution¶
The Role Base Access and Controls subsystem allows an operator to
construct user account permissions to limit the scope that a user can
impact the Digital Rebar Provision system. Below is an example of how to
create a Claim that assigns the Role
named prod-role
that limits
to only allow IPMI poweron
and poweroff
actions. These permissions
are applied to the specific set of scope Machines:
drpcli roles update prod-role '"Claims": [{"action": "action:poweron, action:poweroff", "scope": "machines", "specific": "*"}]'
Now simply assign this Role to the given users you wish to limit their permissions on.
Additional Information¶
Additional resources and information related to this Knowledge Base article.
See Also¶
Versions¶
all
Keywords¶
poweron, poweroff, limited scope user, claims, roles, rbac, role based authentication controls