1. Restrict sensitive Harness permissions in Create Role
   When the app team creates a Harness role, the role name should always be prefixed with “abc” (e.g. abc Project Admin).
   If the role is created with Manage User and Invite User – restrict the role permission.
2. Restrict User Group role binding to abc roles only
   When the app team creates a Harness User Group, they can bind only Harness roles that are prefixed with “abc”.
   If the User Group role binding is created with a non-abc role – block the action.
3. Restrict User Group SAML binding to the Harness idmart group only
   When the app team creates a Harness User Group, they can bind only a SAML SSO group that has abc-gp.
   If the User Group SAML SSO binding is created with a non-abc-gp group – block the action.
4. OPA policy that should not allow users to delete a set of variables that we are creating by default in every project; only Admins could.
Created by Ankit Kumar
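
The four rules above, sketched as one Rego policy in the `deny[msg]` style. This is an added example, not part of the original request and not Harness's own code. The input document shape (`input.action`, `input.entity.*`, `input.principal.isAdmin`), the permission identifiers and the variable identifiers are all assumptions, and rule 1 is read here as "reject a role that carries either sensitive permission".

```rego
package harness_rbac_guardrails

# ASSUMPTION: the input shape used below is hypothetical. Map these paths to
# the payload your policy engine actually receives for each entity type.

# Assumed identifiers for the "Manage User" and "Invite User" permissions.
sensitive_permissions := {"core_user_manage", "core_user_invite"}

# Placeholder identifiers for the variables created by default in every project.
protected_variables := {"default_var_1", "default_var_2"}

# 1a. Roles created by app teams must carry the "abc" prefix.
deny[msg] {
	input.entity.type == "role"
	not startswith(input.entity.name, "abc")
	msg := sprintf("role '%s' must be prefixed with 'abc'", [input.entity.name])
}

# 1b. Roles must not include the sensitive user-management permissions.
deny[msg] {
	input.entity.type == "role"
	perm := input.entity.permissions[_]
	sensitive_permissions[perm]
	msg := sprintf("role '%s' may not include permission '%s'", [input.entity.name, perm])
}

# 2. A user group may only be bound to "abc"-prefixed roles.
deny[msg] {
	input.entity.type == "usergroup"
	binding := input.entity.roleBindings[_]
	not startswith(binding.roleName, "abc")
	msg := sprintf("user group '%s' is bound to non-abc role '%s'", [input.entity.name, binding.roleName])
}

# 3. A SAML-linked user group must point at an SSO group that has "abc-gp".
deny[msg] {
	input.entity.type == "usergroup"
	input.entity.ssoLinked == true
	not contains(input.entity.ssoGroupName, "abc-gp")
	msg := sprintf("user group '%s' is linked to a non abc-gp SSO group", [input.entity.name])
}

# 4. Only admins may delete a protected default variable. A missing or false
#    isAdmin flag denies, so the rule fails closed.
deny[msg] {
	input.entity.type == "variable"
	input.action == "ondelete"
	protected_variables[input.entity.identifier]
	not input.principal.isAdmin
	msg := sprintf("variable '%s' can only be deleted by an admin", [input.entity.identifier])
}
```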