Permissions — VMware Salt API

Permissions — VMware Salt API

Permissions

You can assign permissions to a role or user in the API (RaaS) using save_role(...) or save_user(...) in the auth interface.

Permission value syntax

Permission values include a resource type and an action:

resource-action

Some permission values include a qualifier:

resource-qualifier-action

For example, to assign permission to run commands use cmd-run. To assign permission to run wheel commands use cmd-wheel-run.

Note: The above syntax does not apply to the Super user permission, whose API value is superuser.

API Permission values by resource

ResourcePermission values
Commandscmd-delete, cmd-read, cmd-run, cmd-write
Runner commandscmd-runner-run
SSH commandscmd-ssh-delete, cmd-ssh-read, cmd-ssh-run, cmd-ssh-write
Wheel commandscmd-wheel-run
Formulasformula-delete, formula-read, formula-write
Filesystemfs-delete, fs-read, fs-write
Groupsgroup-delete, group-read, group-write
Jobsjob-delete, job-read, job-run, job-write
Licenselicense-read
Salt controllermaster-delete, master-read, master-write
Salt controller configurationmaster-config-delete, master-config-read, master-config-write
Salt controller filesystemmaster-fs-delete, master-fs-read, master-fs-write
Minionminion-delete, minion-read, minion-write
Pillarpillar-delete, pillar-read, pillar-write
Returnersreturner-delete, returner-read, returner-write
Rolesrole-delete, role-read, role-write
Schedulesschedule-delete, schedule-read, schedule-write
Super usersuperuser
Targettarget-delete, target-read, target-write, target-allminions-run
Usersuser-delete, user-read, user-write