# Source: github.com/argoproj/argo-cd/v3@v3.2.1/assets/builtin-policy.csv
# Built-in policy which defines two roles: role:readonly and role:admin,
# and additionally assigns the admin user to the role:admin role.
# There are two policy formats:
# 1. Applications, applicationsets, logs, and exec (which belong to a project):
# p, <role/user/group>, <resource>, <action>, <project>/<object>, <allow/deny>
# 2. All other resources:
# p, <role/user/group>, <resource>, <action>, <object>, <allow/deny>
#
# Every rule in this file is an "allow" with a wildcard object (*/* or *),
# so neither role is limited to a particular project or object.

# role:readonly grants only the "get" action, on every resource type listed below.
# NOTE(review): because the objects are wildcards, anyone holding this role can
# read applications and logs in all projects and list clusters, repositories
# and accounts. If this role is assigned broadly (for example as the default
# role via policy.default in argocd-rbac-cm), confirm that this visibility is intended.
p, role:readonly, applications, get, */*, allow
p, role:readonly, applicationsets, get, */*, allow
p, role:readonly, certificates, get, *, allow
p, role:readonly, clusters, get, *, allow
p, role:readonly, repositories, get, *, allow
p, role:readonly, write-repositories, get, *, allow
p, role:readonly, projects, get, *, allow
p, role:readonly, accounts, get, *, allow
p, role:readonly, gpgkeys, get, *, allow
p, role:readonly, logs, get, */*, allow

# role:admin grants the write actions. Apart from applicationsets it carries no
# "get" rules of its own; read access comes from the "g, role:admin, role:readonly"
# line at the end of this file.
# update/* and delete/* are listed in addition to plain update and delete.
# NOTE(review): presumably the suffixed forms cover resources managed by an
# application rather than the Application object itself; verify against the
# RBAC documentation for this version before copying only one form into a custom role.
# NOTE(review): override and action/* look like the most sensitive application
# permissions here besides exec; confirm their exact scope before granting them
# outside role:admin.
p, role:admin, applications, create, */*, allow
p, role:admin, applications, update, */*, allow
p, role:admin, applications, update/*, */*, allow
p, role:admin, applications, delete, */*, allow
p, role:admin, applications, delete/*, */*, allow
p, role:admin, applications, sync, */*, allow
p, role:admin, applications, override, */*, allow
p, role:admin, applications, action/*, */*, allow
# This "get" is also reachable through role:readonly via the g line below.
p, role:admin, applicationsets, get, */*, allow
p, role:admin, applicationsets, create, */*, allow
p, role:admin, applicationsets, update, */*, allow
p, role:admin, applicationsets, delete, */*, allow
p, role:admin, certificates, create, *, allow
p, role:admin, certificates, update, *, allow
p, role:admin, certificates, delete, *, allow
p, role:admin, clusters, create, *, allow
p, role:admin, clusters, update, *, allow
p, role:admin, clusters, delete, *, allow
p, role:admin, repositories, create, *, allow
p, role:admin, repositories, update, *, allow
p, role:admin, repositories, delete, *, allow
p, role:admin, write-repositories, create, *, allow
p, role:admin, write-repositories, update, *, allow
p, role:admin, write-repositories, delete, *, allow
p, role:admin, projects, create, *, allow
p, role:admin, projects, update, *, allow
p, role:admin, projects, delete, *, allow
# accounts has only "update" here; no create or delete rule exists in this file.
p, role:admin, accounts, update, *, allow
# gpgkeys has create and delete but no update rule.
p, role:admin, gpgkeys, create, *, allow
p, role:admin, gpgkeys, delete, *, allow
# exec is granted only to role:admin; role:readonly has no exec rule.
# NOTE(review): as far as I know this controls opening a terminal in
# application pods and is additionally gated by exec.enabled in argocd-cm;
# confirm before reusing this rule in a custom role.
p, role:admin, exec, create, */*, allow

# Grouping rules: role:admin inherits everything role:readonly allows, and the
# subject named "admin" is bound to role:admin.
# NOTE(review): the admin binding ships inside the built-in policy, so limiting
# that account presumably has to happen outside this file; confirm how the
# deployment handles the local admin user.
g, role:admin, role:readonly
g, admin, role:admin