A policy is a set of permissions for GoCD entities such as environments, configuration repositories, etc. The policy defines the access that the users in a role have to a GoCD entity. GoCD uses a restrictive model of access, i.e. until access is granted, the entity can't be accessed by anyone (except admins).
A permission consists of 3 values:
- Type: The type of GoCD entity. Supported values are environment, config-repo. Wildcard (*) is also permitted, which means all supported values.
- Action: The action which is controlled. Supported values are
- Resource: The resource can be the name of an entity or a pattern consisting of a wildcard (*) matching one or more entities.
Currently, GoCD has 2 types of permissions:
- Allow: The allow permission grants access to the specified entity for the specific action.
- Deny: The deny permission restricts the access to the specified entity for the specific action.
Note: If both permissions are specified for the same entity, the deny permission takes precedence.
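The rules above (no access until granted, wildcard matching, deny over allow) can be checked with a small evaluator. This is an added example, not GoCD's own code: the Permission tuple, the is_allowed function, the sample policy and the entity names are constructed for illustration, and applying * to the action field is an assumption.

```python
import re
from typing import Iterable, NamedTuple


class Permission(NamedTuple):
    effect: str    # "allow" or "deny"
    type: str      # "environment", "config-repo" or "*"
    action: str    # e.g. "view" or "administer"
    resource: str  # entity name, or a pattern containing "*"


def _matches(pattern: str, value: str) -> bool:
    # Only "*" is special; every other character is compared literally.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def is_allowed(policy: Iterable[Permission], entity_type: str,
               action: str, resource: str, is_admin: bool = False) -> bool:
    # Admins bypass the policy, as the page states.
    if is_admin:
        return True
    # Collect the effects of every permission that applies to this request.
    effects = {
        p.effect for p in policy
        if _matches(p.type, entity_type)
        and _matches(p.action, action)
        and _matches(p.resource, resource)
    }
    # Deny takes precedence over allow, regardless of ordering.
    if "deny" in effects:
        return False
    # Restrictive model: with no matching allow, access is refused.
    return "allow" in effects


# Constructed sample policy for one role.
SAMPLE_POLICY = [
    Permission("allow", "environment", "view", "*"),
    Permission("deny", "environment", "view", "prod-*"),
    Permission("allow", "config-repo", "view", "repo-tools"),
]

if __name__ == "__main__":
    for request in [("environment", "view", "staging"),
                    ("environment", "view", "prod-eu"),
                    ("config-repo", "view", "other-repo")]:
        print(request, is_allowed(SAMPLE_POLICY, *request))
```

Reviewing a role's policy this way makes overlapping allow and deny entries visible before the role is assigned to users.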
Each GoCD entity has a set of actions which grants/restricts control on a granular level. The following matrix describes the same.
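| Action | Index | Get | Create | Update | Patch | Delete |
|---|---|---|---|---|---|---|
| View | ✔ | ✔ | ✘ | ✘ | ✘ | ✘ |
| Administer | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |

| Action | List | Create | Update | Delete |
|---|---|---|---|---|
| View | ✔ | ✘ | ✘ | ✘ |
| Administer | ✔ | ✔ | ✔ | ✔ |

| Action | Index | Get | Create | Update | Delete |
|---|---|---|---|---|---|
| View | ✔ | ✔ | ✘ | ✘ | ✘ |
| Administer | ✔ | ✔ | ✔ | ✔ | ✔ |

| Action | List | Create | Refresh | Update | Delete |
|---|---|---|---|---|---|
| View | ✔ | ✘ | ✘ | ✘ | ✘ |
| Administer | ✔ | ✔ | ✔ | ✔ | ✔ |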
Log in to your GoCD server.
Go to Admin menu → Role Configuration.
Enter a unique name for the role configuration.
Select permission as Allow, type as Environment, action as *. This will grant view permission for all environments to the users who have this role.
Once the role has been created, go ahead and add users to it. Access to the GoCD entities for these users will be governed by the permissions configured.