Permissions

Permission declarations validate that the user applying the policy has the required privileges to successfully run the policy. The declarations must include the privileges required to retrieve the data as well as the privileges required to run the policy actions. Permission declarations are not required to apply the policy or run the policy actions. However, they are recommended. The user’s privileges are verified against the permission declarations when they attempt to apply the policy.

Each permission declaration can list multiple required privileges. The set is defined by providing a list of resource types and a list of actions that the policy needs to perform on these resources:

permission do
   label "List Instances"
   resources "rs_cm.instances"
   actions "rs_cm.index"
end

permission do
   label "List and delete servers and instances"
   resources "rs_cm.servers", "rs_cm.instances"
   actions "rs_cm.index", "rs_cm.destroy"
end
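
A sketch of the check described above, as an added example and not the platform's own code: it evaluates the two declarations from this page in plain Ruby, expands each into resource/action pairs, and reports which pairs are missing from a constructed grant set. `PermissionDecl`, `TemplateReader`, `missing_privileges`, the pair representation of a user's privileges, and the reading that every listed action is needed on every listed resource type are assumptions.

```ruby
require "set"

# The two declarations from this page, embedded as sample input.
TEMPLATE = <<~PT
  permission do
    label "List Instances"
    resources "rs_cm.instances"
    actions "rs_cm.index"
  end
  permission do
    label "List and delete servers and instances"
    resources "rs_cm.servers", "rs_cm.instances"
    actions "rs_cm.index", "rs_cm.destroy"
  end
PT

# Constructed grant set for a read-only user (hypothetical representation).
READ_ONLY = Set[["rs_cm.instances", "rs_cm.index"], ["rs_cm.servers", "rs_cm.index"]]

# Collects the keywords used inside one `permission do ... end` block.
class PermissionDecl
  attr_reader :name
  def initialize; @res = []; @acts = []; end
  def label(text); @name = text; end
  def resources(*types); @res.concat(types); end
  def actions(*names); @acts.concat(names); end
  # Assumption: every listed action is needed on every listed resource type.
  def required; @res.product(@acts).to_set; end
end

# Reads template text. instance_eval runs the text as Ruby, so pass it
# only templates you already trust.
class TemplateReader
  attr_reader :declarations
  def initialize(source)
    @declarations = []
    instance_eval(source)
  end
  def permission(&block)
    decl = PermissionDecl.new
    decl.instance_eval(&block)
    @declarations << decl
  end
end

# Returns { label => [[resource, action], ...] } for privileges not granted.
def missing_privileges(source, granted)
  TemplateReader.new(source).declarations.each_with_object({}) do |decl, out|
    gaps = (decl.required - granted).to_a
    out[decl.name] = gaps unless gaps.empty?
  end
end
```

With the read-only grant set, the first declaration is satisfied and the second reports `rs_cm.destroy` missing on both resource types, which shows how a broad declaration raises the privileges a user must hold to pass the check.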