Skip to main content

Questions tagged [rbac]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
15 votes
2 answers
11k views

sudo not working on certain commands

I have a rather weird problem with sudo on Debian 8. Users cannot execute some of commands in /etc/sudoers.d. I use Chef to distribute configurations, so all files are automatically generated. ...
Lain Iwakura's user avatar
3 votes
1 answer
284 views

Grsecurity's RBAC policy for scripts

I have some problems with set right policy for my gentoo-based system. I have no idea how can I add permissions for everything which was started by /root/scripts/autosync. I am getting error like: [...
user avatar
2 votes
3 answers
7k views

How to grant a Service Principal access to AKS API when RBAC and AAD integration are activated?

I need to grant a process (build pipeline) RBAC access to AKS API for deployment purposes. But the target AKS cluster has AAD integration active (as described here) I was expecting to be able to ...
Olivier Dauby's user avatar
2 votes
1 answer
2k views

Group hierarchy in Active Directory [closed]

Is it possible to get group hierarchy in AD? It's for managing permissions to a web app from there. I need to do this: Users Product Admin Task Subtask1 Subtask2 Subtask3 Task 2 So if you are ...
JorgeeFG's user avatar
  • 1,003
2 votes
1 answer
2k views

How to implement and modify policies for Role-based access control on Ubuntu Linux?

Selinux is currently installed on the machine but there's no simple way to enable and modify RBAC for users. Seedit is available for Fedora and CentOS but it is not working on Ubuntu distros. Are ...
Dennis Y.'s user avatar
1 vote
1 answer
2k views

kubectl auth can-i says I can, but I can’t

I am baffled. kubectl says I can (via the kubectl auth can-i subcommand), but then when I go to perform the action, I can't. I have installed kubectl on a docker image which is running on a pod ...
Aposhian's user avatar
  • 113
1 vote
2 answers
368 views

Can RBAC secure non-root owners files on aix 6.1?

Can i use the RBAC feature on Aix 6.1 to do the following. file - myfile.txt I have users - root , aixuser(non-root). I want only aixuser to have access to file 'myfile.txt' and NOT the root user. ...
1 vote
2 answers
4k views

Kubernetes Node Metrics Endpoint Returns 401

I have a GKE cluster which, for the sake of simplicity runs just Prometheus, monitoring each member node. Recently I recently upgraded the API server to 1.6 (which introduces RBAC), and had no issues. ...
pnovotnak's user avatar
  • 260
1 vote
1 answer
783 views

Azure security center recommandation: issues installing endpoint protection

i am having a hard time with applying the recommandations of the Azure security center for my Windows VMs: it asks to install endpoint protection, but the issue is that whenever i try to install it ...
WintermeW's user avatar
1 vote
1 answer
50 views

How to enable RBAC automatically

I think I'm missing something simple, but every time I try to gradm -E, I'm being asked for a password. How can I enable it automatically after boot? (so that no password is needed)
viraptor's user avatar
  • 1,176
1 vote
1 answer
1k views

Running a command as the root "role" in Solaris 11?

Ok, so we have a product which runs a daemon as root, which can communicate over TCP sockets and read / write files. This works fine in Solaris 10, but when we ported it across to Solaris 11, a load ...
Rsaesha's user avatar
  • 360
1 vote
1 answer
99 views

Are you able to specify a the profile you want to use in pfexec?

Are you able to specify which profile you want to use for a given user when using pfexec who has been assigned multiple profiles? One example for this use is so that we can execute a command as a ...
jigjig's user avatar
  • 111
1 vote
1 answer
1k views

Custom permissions (RBAC) to access specific Azure AD blade

I am looking for a way of tailoring custom RBAC (granting access\creating role & assigning permissions) to specific Azure AD blade. In fact, I want my end user with a custom role to be able to ...
Sergey's user avatar
  • 153
1 vote
0 answers
200 views

How to define a Management Role Scope which includes multiple OUs in Exchange 2013?

I need to define several custom Management Roles in an Exchange 2013 environment, whose scopes must be limited to recipients in specific OUs; however, these OUs are at the same AD level with other ...
Massimo's user avatar
  • 71.7k
0 votes
4 answers
2k views

How to grant access to the Microsoft 365 Admin Center to limited Exchange Online administrators?

Related to this: Exchange Online RBAC - How to limit the read scope of a management role?. We need to allow some administrators to manage only a subset of all mailboxes in Exchange Online; we achieved ...
Massimo's user avatar
  • 71.7k
0 votes
1 answer
2k views

Listening to 80 port with non-root Glassfish on Centos

I use Glassfish Stack to manage applications. I run Glassfish on CentOS with non-root user. Therefor I am not able to open 80 port as the ports under 1024 are accessibly only by root users. There is ...
Edvinas Bartkus's user avatar
0 votes
1 answer
469 views

Kubernetes cronjob failing to create secret due to RBAC serviceaccount issue

I'm trying to automate the renewal of ECR credentials and storing the token in a secret via a CronJob. Whenever I run the CronJob I'm getting the following error in the resultant job logs 2023-09-...
Walker Christie's user avatar
0 votes
1 answer
289 views

In Azure, how to prevent a user create a Network Interface Card but not modify it?

I want to give a specific RBAC to a user so that he can create a NIC but not to modify. As a matter of fact, what it is aimed is that he shouldn't have permission to change the dynamic ip to static ip ...
MoonHorse's user avatar
  • 107
0 votes
0 answers
18 views

Metrics-server on a 1.25+ k8s cluster

I’m struggling with a metrics-server on a freshly installed 1.28 cluster. I’ve downloaded the recent 0.7.1 components yaml, but as far as I can see from logs (I relaunched the metrics-server with --v=...
drookie's user avatar
  • 8,841
0 votes
0 answers
16 views

Azure Read/Write Function App Config

Which is the azure built-in roles are people using for least privilege that enables users to write to function app config? I think the required action is: Microsoft.Web/sites/config/write I checked ...
tr0users's user avatar
  • 423
0 votes
0 answers
108 views

Kasten k10 dashboard 504 error

I Have installed the Kasten k10 on AWS k8, trying to access the dashboard from service port forward. Dashboard has an network error with error logs on dashboard-svc pod and Gateway pod. Below are the ...
Uday Sriramadas's user avatar
0 votes
1 answer
79 views

Can't create compute account in Azure, using veeam

I can't create a compute account in Azure, using veeam... I'm trying to create a new linux veeam appliance in Azure, but before i must create an azure compute account, My user is global administrator, ...
Milton Steven Jimenez's user avatar
0 votes
2 answers
620 views

Is there a way to control kubectl exec through something like rbac or anything else?

I want to know if I can limit access to developers, we want to only allow developers to list pods and check logs, no ssh into pods, is that feasible ? This is what I tried, but it seems to not work .. ...
logax's user avatar
  • 139
0 votes
1 answer
38 views

Monitor RBAC access

I need to tighten RBAC for already deployed CRD in Kuberenets. I am wondering can I drop all existing roles and bindings, then monitoring the forbidden access. Unfortunately the kube-apiserver has no ...
oliver nadj's user avatar
0 votes
0 answers
1k views

How to get a list of Kubernetes Users?

we have created a Kubernetes Cluster with Azure (AKS) which uses "Local accounts with Kubernetes RBAC" Authentication schema. From our understanding, this is Access-wise as close to K8s-...
Judge's user avatar
  • 121
0 votes
2 answers
479 views

How to restrict kubernetes dashboard to one namespace

I have setup a microk8s k8s cluster. I have enabled the kubernetes dashboard in the kube-system namespace. I have a namespace called XXX and I would like to show this namespace in the dashboard and ...
Viktor Eriksson's user avatar
0 votes
1 answer
3k views

How to enable read permission on Kubernetes mount path

I have installed FluentD on Kind-Kubernetes cluster on CentOS VM running on my laptop. I'm having issues getting FluentD to read logs as it is throwing the following error. 2021-08-29 08:26:31 +0000 [...
Jason Nanay's user avatar
0 votes
1 answer
387 views

Can't configure RBAC to users in EKS

I have deployed EKS using eksctl following this docs. As the user who created the cluster I have full access control. Trying to grant system:masters permissions to a specific user doesn't work this ...
itaied's user avatar
  • 123
0 votes
1 answer
496 views

Can't create Custom RBAC in Management group

I'm trying to create a custom RBAC (Role) at my Management Group level and it doesn't work. I receive the following error message: Validation error: Custom role at management group scope is not ...
eric Immo's user avatar
0 votes
1 answer
50 views

Azure RBAC Role to Publish and Mange APPS

I have a requirement where i need to give developers The ability to create and publish apps in Azure Manage the secret key of the app edit the Manifest of the app Is there a built in role that can ...
Kashif Rashid's user avatar
0 votes
1 answer
195 views

Users access on Resources, Resource Group, Subscription in Azure How to get through the Powershell

I have Subscription where lots of Resources and Resource group created, i want to list all user access and what type for access level user has like Owner contributor rider through the Powershell
Biren's user avatar
  • 31
0 votes
1 answer
126 views

Azure VM managent and metrics role

Is there a one built-in role that allows a user to do only the following: Start , restart and stop VM. Display VM metrics to this user. Metrics such as CPU and RAM utilization. It seems like it ...
jwalker's user avatar
  • 108
0 votes
1 answer
40 views

azure RBACRoletodiable cost view

I would like create a custom role which will diable someone from viewing cost of subscription. For example if i give read access to a person he is able to see cost. I need a RBAC role to be created to ...
Alok J's user avatar
  • 1
0 votes
0 answers
39 views

Unable to perform RBAC for vCenter

I have added the vCenter to the AD, and I am able to retrieve groups. We have a Datacenter which has about 7 ESXi hosts. I'd like to slice these hosts, in such a way that a few users are granted ...
stealthmode's user avatar
0 votes
1 answer
130 views

Role Based Access Control, Where Roles Change Depending on Location In Application

I am tasked with designing a new, role based access model for our system. The requirements are something to the effect of the following: A user can log in, and will have a different role depending ...
Bob Dole's user avatar
0 votes
1 answer
409 views

RBAC not working

I`m learing RBAC in solaris. bash-2.03# tail -4 /etc/user_attr root::::type=normal;auths=solaris.*,solaris.grant;profiles=All mirror::::type=normal;profiles=Mirror jz::::type=normal;auths=solaris.*,...
Mingwei Li's user avatar
-1 votes
1 answer
74 views

What additional role should I provision in an Azure resource group so that a contributor can see/accept/fix Azure SQL security recomendations?

We are receiving security recommendations for one of our Azure SQL databases. I'm owner of the subscription and can see those recommendations in the Azure SQL Security Center. I would like to delegate ...
lpacheco's user avatar
  • 157