Questions tagged [rbac]
The rbac tag has no usage guidance.
37 questions
15 votes, 2 answers, 11k views
sudo not working on certain commands
I have a rather weird problem with sudo on Debian 8. Users cannot execute some of the commands in /etc/sudoers.d. I use Chef to distribute configurations, so all files are automatically generated.
...
3 votes, 1 answer, 284 views
Grsecurity's RBAC policy for scripts
I have some problems with setting the right policy for my Gentoo-based system. I have no idea how I can add permissions for everything which was started by /root/scripts/autosync. I am getting an error like:
[...
2 votes, 3 answers, 7k views
How to grant a Service Principal access to AKS API when RBAC and AAD integration are activated?
I need to grant a process (build pipeline) RBAC access to AKS API for deployment purposes.
But the target AKS cluster has AAD integration active (as described here)
I was expecting to be able to ...
2 votes, 1 answer, 2k views
Group hierarchy in Active Directory [closed]
Is it possible to get group hierarchy in AD? It's for managing permissions to a web app from there.
I need to do this:
Users
Product
Admin
Task
Subtask1
Subtask2
Subtask3
Task 2
So if you are ...
2 votes, 1 answer, 2k views
How to implement and modify policies for Role-based access control on Ubuntu Linux?
SELinux is currently installed on the machine but there's no simple way to enable and modify RBAC for users. Seedit is available for Fedora and CentOS but it is not working on Ubuntu distros.
Are ...
1 vote, 1 answer, 2k views
kubectl auth can-i says I can, but I can’t
I am baffled. kubectl says I can (via the kubectl auth can-i subcommand), but then when I go to perform the action, I can't.
I have installed kubectl on a docker image which is running on a pod ...
1 vote, 2 answers, 368 views
Can RBAC secure non-root owners files on AIX 6.1?
Can I use the RBAC feature on AIX 6.1 to do the following?
file - myfile.txt
I have users - root , aixuser(non-root).
I want only aixuser to have access to file 'myfile.txt' and NOT the root user.
...
1 vote, 2 answers, 4k views
Kubernetes Node Metrics Endpoint Returns 401
I have a GKE cluster which, for the sake of simplicity, runs just Prometheus, monitoring each member node. I recently upgraded the API server to 1.6 (which introduces RBAC), and had no issues. ...
1 vote, 1 answer, 783 views
Azure security center recommendation: issues installing endpoint protection
I am having a hard time with applying the recommendations of the Azure Security Center for my Windows VMs: it asks to install endpoint protection, but the issue is that whenever I try to install it ...
1 vote, 1 answer, 50 views
How to enable RBAC automatically
I think I'm missing something simple, but every time I try to gradm -E, I'm being asked for a password. How can I enable it automatically after boot? (so that no password is needed)
1 vote, 1 answer, 1k views
Running a command as the root "role" in Solaris 11?
Ok, so we have a product which runs a daemon as root, which can communicate over TCP sockets and read / write files. This works fine in Solaris 10, but when we ported it across to Solaris 11, a load ...
1 vote, 1 answer, 99 views
Are you able to specify the profile you want to use in pfexec?
Are you able to specify which profile you want to use for a given user when using pfexec who has been assigned multiple profiles?
One example for this use is so that we can execute a command as a ...
1 vote, 1 answer, 1k views
Custom permissions (RBAC) to access specific Azure AD blade
I am looking for a way of tailoring custom RBAC (granting access\creating role & assigning permissions) to specific Azure AD blade.
In fact, I want my end user with a custom role to be able to ...
1 vote, 0 answers, 200 views
How to define a Management Role Scope which includes multiple OUs in Exchange 2013?
I need to define several custom Management Roles in an Exchange 2013 environment, whose scopes must be limited to recipients in specific OUs; however, these OUs are at the same AD level with other ...
0 votes, 4 answers, 2k views
How to grant access to the Microsoft 365 Admin Center to limited Exchange Online administrators?
Related to this: Exchange Online RBAC - How to limit the read scope of a management role?.
We need to allow some administrators to manage only a subset of all mailboxes in Exchange Online; we achieved ...
0 votes, 1 answer, 2k views
Listening to 80 port with non-root Glassfish on CentOS
I use Glassfish Stack to manage applications. I run Glassfish on CentOS with a non-root user. Therefore I am not able to open 80 port as the ports under 1024 are accessible only by root users.
There is ...
0 votes, 1 answer, 469 views
Kubernetes cronjob failing to create secret due to RBAC serviceaccount issue
I'm trying to automate the renewal of ECR credentials and storing the token in a secret via a CronJob. Whenever I run the CronJob I'm getting the following error in the resultant job logs
2023-09-...
0 votes, 1 answer, 289 views
In Azure, how to prevent a user create a Network Interface Card but not modify it?
I want to give a specific RBAC to a user so that he can create a NIC but not to modify. As a matter of fact, what it is aimed is that he shouldn't have permission to change the dynamic ip to static ip ...
0 votes, 0 answers, 18 views
Metrics-server on a 1.25+ k8s cluster
I’m struggling with a metrics-server on a freshly installed 1.28 cluster. I’ve downloaded the recent 0.7.1 components yaml, but as far as I can see from logs (I relaunched the metrics-server with --v=...
0 votes, 0 answers, 16 views
Azure Read/Write Function App Config
Which Azure built-in roles are people using for least privilege that enable users to write to function app config?
I think the required action is: Microsoft.Web/sites/config/write
I checked ...
0 votes, 0 answers, 108 views
Kasten k10 dashboard 504 error
I have installed the Kasten k10 on AWS k8, trying to access the dashboard from service port forward.
Dashboard has a network error with error logs on dashboard-svc pod and Gateway pod.
Below are the ...
0 votes, 1 answer, 79 views
Can't create compute account in Azure, using Veeam
I can't create a compute account in Azure, using Veeam...
I'm trying to create a new Linux Veeam appliance in Azure, but before that I must create an Azure compute account.
My user is global administrator, ...
0 votes, 2 answers, 620 views
Is there a way to control kubectl exec through something like rbac or anything else?
I want to know if I can limit access to developers. We want to only allow developers to list pods and check logs, no ssh into pods. Is that feasible? This is what I tried, but it seems to not work ..
...
0 votes, 1 answer, 38 views
Monitor RBAC access
I need to tighten RBAC for an already deployed CRD in Kubernetes.
I am wondering can I drop all existing roles and bindings, then monitoring the forbidden access.
Unfortunately the kube-apiserver has no ...
0 votes, 0 answers, 1k views
How to get a list of Kubernetes Users?
We have created a Kubernetes Cluster with Azure (AKS) which uses "Local accounts with Kubernetes RBAC" Authentication schema. From our understanding, this is Access-wise as close to K8s-...
0 votes, 2 answers, 479 views
How to restrict kubernetes dashboard to one namespace
I have set up a microk8s k8s cluster.
I have enabled the kubernetes dashboard in the kube-system namespace.
I have a namespace called XXX and I would like to show this namespace in the dashboard and ...
0 votes, 1 answer, 3k views
How to enable read permission on Kubernetes mount path
I have installed FluentD on Kind-Kubernetes cluster on CentOS VM running on my laptop. I'm having issues getting FluentD to read logs as it is throwing the following error.
2021-08-29 08:26:31 +0000 [...
0 votes, 1 answer, 387 views
Can't configure RBAC to users in EKS
I have deployed EKS using eksctl following these docs.
As the user who created the cluster I have full access control.
Trying to grant system:masters permissions to a specific user doesn't work this ...
0 votes, 1 answer, 496 views
Can't create Custom RBAC in Management group
I'm trying to create a custom RBAC (Role) at my Management Group level and it doesn't work.
I receive the following error message: Validation error: Custom role at management group scope is not ...
0 votes, 1 answer, 50 views
Azure RBAC Role to Publish and Manage Apps
I have a requirement where I need to give developers
The ability to create and publish apps in Azure
Manage the secret key of the app
edit the Manifest of the app
Is there a built in role that can ...
0 votes, 1 answer, 195 views
Users access on Resources, Resource Group, Subscription in Azure How to get through the PowerShell
I have a subscription where lots of resources and resource groups are created. I want to list all user access and what type of access level each user has, like Owner, Contributor, Reader, through PowerShell
0 votes, 1 answer, 126 views
Azure VM management and metrics role
Is there one built-in role that allows a user to do only the following:
Start, restart and stop VM.
Display VM metrics to this user.
Metrics such as CPU and RAM utilization.
It seems like it ...
0 votes, 1 answer, 40 views
Azure RBAC role to disable cost view
I would like to create a custom role which will disable someone from viewing the cost of a subscription. For example, if I give read access to a person he is able to see cost. I need a RBAC role to be created to ...
0 votes, 0 answers, 39 views
Unable to perform RBAC for vCenter
I have added the vCenter to the AD, and I am able to retrieve groups. We have a Datacenter which has about 7 ESXi hosts. I'd like to slice these hosts, in such a way that a few users are granted ...
0 votes, 1 answer, 130 views
Role Based Access Control, Where Roles Change Depending on Location In Application
I am tasked with designing a new, role based access model for our system.
The requirements are something to the effect of the following:
A user can log in, and will have a different role depending ...
0 votes, 1 answer, 409 views
RBAC not working
I'm learning RBAC in Solaris.
bash-2.03# tail -4 /etc/user_attr
root::::type=normal;auths=solaris.*,solaris.grant;profiles=All
mirror::::type=normal;profiles=Mirror
jz::::type=normal;auths=solaris.*,...
-1 votes, 1 answer, 74 views
What additional role should I provision in an Azure resource group so that a contributor can see/accept/fix Azure SQL security recommendations?
We are receiving security recommendations for one of our Azure SQL databases. I'm owner of the subscription and can see those recommendations in the Azure SQL Security Center. I would like to delegate ...