Your best bet is probably to upgrade to Chef Server 12 and then use the
more fine grained RBAC permissions it contains to manage this, although
I don’t believe there is a simple read only switch you can flip, so
you’ll likely have to play with the permission system to get things correct.
The webui gives you some access to manage this, although it is far from
perfect (and the webui is only free for use up to 25 nodes), otherwise
command line tools are available to manage this. knife-acl exists for
this, but has lots of warnings around it, since it is modifying the
underlying permissions of the system.
Koert Kuipers mailto:firstname.lastname@example.org
January 8, 2015 at 11:39 PM
we recently put a berks-api in front our chef server so that it can be
our central repository for cookbooks. its working nicely.
but since Berkshelf files now reference our "inhouse supermarket"
instead of git and/or path locations, it also means a lot more people
need access to our chef server. for example anyone that does kitchen
testing. but i dont want all those people to be able to upload or
modify things in the chef-server. so how can i give them read only
access? we are in chef server 11.