Hi, I have a Chef 12 server. I need to create a couple of user accounts with precise sets of privileges:
- Account1 - ability to read, update, remove data_bags. Nothing else.
- Account2 - ability to read, update nodes. Nothing else.
I know there are groups and policies in Chef 12 to accomplish such tasks, but it seems quite complicated for me. Could anyone help me with concrete examples?
Thanks
You can use knife acl for that: https://github.com/chef/knife-acl
Example for data bags:
knife group create data-writers
knife acl add group data-writers containers data read,update,delete
knife acl bulk add group data-writers data '.*' read,update,delete
Next you need to make sure that your user is part of the data-writers group only.
You should be able to figure out the rest from the README at the GitHub repo.
Hi Ilya! Thanks, already did the way you told …
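The same knife-acl procedure, generalized to cover the node-only account as well; this is an added example, not code from the thread or from the knife-acl project. The function only prints the commands so they can be reviewed before being run; the group name `node-writers`, the user name `account2`, and the assumption that the user currently sits in the organization's default `users` group are all hypothetical.

```shell
#!/bin/sh
# Added example: build a reviewable knife-acl command plan for one
# least-privilege group. Nothing here calls knife; it only prints commands.

# Map a knife-acl object type to its container (same name for these types).
container_for() {
  case "$1" in
    data|nodes|roles|environments|cookbooks|clients) printf '%s\n' "$1" ;;
    *) return 1 ;;
  esac
}

# Accept only Chef server permission names, comma separated.
valid_perms() {
  case "$1" in ''|*[!a-z,]*) return 1 ;; esac
  old_ifs=$IFS; IFS=,
  for p in $1; do
    case "$p" in
      create|read|update|delete|grant) ;;
      *) IFS=$old_ifs; return 1 ;;
    esac
  done
  IFS=$old_ifs
}

# acl_plan GROUP OBJECT_TYPE PERMS USER
acl_plan() {
  group=$1; otype=$2; perms=$3; user=$4
  container=$(container_for "$otype") || { echo "unknown object type: $otype" >&2; return 2; }
  valid_perms "$perms" || { echo "bad permission list: $perms" >&2; return 2; }
  # Container ACL covers objects created later; bulk add covers existing ones.
  # Last line assumes the user is in the default "users" group (assumption).
  cat <<EOF
knife group create $group
knife acl add group $group containers $container $perms
knife acl bulk add group $group $otype '.*' $perms
knife group add user $user $group
knife group remove user $user users
EOF
}

# Usage (hypothetical names): acl_plan node-writers nodes read,update account2
```

Pipe the reviewed output to `sh` on a workstation with knife-acl installed to apply it.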