Permissions — VMware Salt API
Permissions
You can assign permissions to a role or user in the API (RaaS) using save_role(...) or save_user(...) in the auth interface.
Permission value syntax
Permission values include a resource type and an action:
resource-action
Some permission values include a qualifier:
resource-qualifier-action
For example, to assign permission to run commands, use cmd-run.
To assign permission to run wheel commands, use cmd-wheel-run.
Note: The above syntax does not apply to the Super user permission, whose API value is superuser.
API Permission values by resource
| Resource | Permission values |
|---|---|
| Commands | cmd-delete, cmd-read, cmd-run, cmd-write |
| Runner commands | cmd-runner-run |
| SSH commands | cmd-ssh-delete, cmd-ssh-read, cmd-ssh-run, cmd-ssh-write |
| Wheel commands | cmd-wheel-run |
| Formulas | formula-delete, formula-read, formula-write |
| Filesystem | fs-delete, fs-read, fs-write |
| Groups | group-delete, group-read, group-write |
| Jobs | job-delete, job-read, job-run, job-write |
| License | license-read |
| Salt controller | master-delete, master-read, master-write |
| Salt controller configuration | master-config-delete, master-config-read, master-config-write |
| Salt controller filesystem | master-fs-delete, master-fs-read, master-fs-write |
| Minion | minion-delete, minion-read, minion-write |
| Pillar | pillar-delete, pillar-read, pillar-write |
| Returners | returner-delete, returner-read, returner-write |
| Roles | role-delete, role-read, role-write |
| Schedules | schedule-delete, schedule-read, schedule-write |
| Super user | superuser |
| Target | target-delete, target-read, target-write, target-allminions-run |
| Users | user-delete, user-read, user-write |
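
The following pre-flight check is an added example, not part of the VMware documentation: it parses values using the resource-action and resource-qualifier-action syntax, validates them against the table on this page, and sorts a permission list before it is passed to save_role(...) or save_user(...). The function names, the sample list, and the choice of which values to flag for review are assumptions made for illustration.

```python
# Resource prefixes grouped by the actions the table on this page lists for them.
ACTIONS = {
    "delete read write": "formula fs group master master-config master-fs minion "
                         "pillar returner role schedule target user",
    "delete read run write": "cmd cmd-ssh job",
    "run": "cmd-runner cmd-wheel target-allminions",
    "read": "license",
}
VALID = {f"{r}-{a}" for acts, res in ACTIONS.items()
         for r in res.split() for a in acts.split()} | {"superuser"}

def parse_permission(value):
    """Split a documented value into (resource, qualifier, action)."""
    if value == "superuser":          # the one value outside the syntax
        return ("superuser", None, None)
    if value not in VALID:
        raise ValueError(f"not a documented permission value: {value!r}")
    parts = value.split("-")          # 2 parts, or 3 when a qualifier is present
    return (parts[0], parts[1] if len(parts) == 3 else None, parts[-1])

def review_perms(perms, needs_review=("superuser", "role-write", "user-write")):
    """Sort a permission list into unknown, duplicate and review buckets.

    needs_review and the "every run action" rule are an example policy
    (an assumption), not a classification taken from the documentation.
    """
    report = {"unknown": [], "duplicate": [], "review": []}
    seen = set()
    for value in perms:
        if value in seen:
            report["duplicate"].append(value)
            continue
        seen.add(value)
        try:
            _, _, action = parse_permission(value)
        except ValueError:
            report["unknown"].append(value)   # typo or value not in the table
            continue
        if value in needs_review or action == "run":
            report["review"].append(value)
    return report

# Constructed sample list for a hypothetical role.
SAMPLE_PERMS = ["cmd-read", "minion-run", "superuser",
                "target-allminions-run", "cmd-read", "job-read"]

if __name__ == "__main__":
    print(review_perms(SAMPLE_PERMS))
```

Values in the unknown bucket, such as minion-run in the sample, look plausible but do not appear in the table, so the list should be corrected before it is submitted.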