github.com/argoproj/argo-cd/v3@v3.2.1/docs/user-guide/commands/argocd_proj_role_add-policy.md (about) 1 # `argocd proj role add-policy` Command Reference 2 3 ## argocd proj role add-policy 4 5 Add a policy to a project role 6 7 ``` 8 argocd proj role add-policy PROJECT ROLE-NAME [flags] 9 ``` 10 11 ### Examples 12 13 ``` 14 # Before adding new policy 15 $ argocd proj role get test-project test-role 16 Role Name: test-role 17 Description: 18 Policies: 19 p, proj:test-project:test-role, projects, get, test-project, allow 20 JWT Tokens: 21 ID ISSUED-AT EXPIRES-AT 22 1696759698 2023-10-08T11:08:18+01:00 (3 hours ago) <none> 23 24 # Add a new policy to allow update to the project 25 $ argocd proj role add-policy test-project test-role -a update -p allow -o project 26 27 # Policy should be updated 28 $ argocd proj role get test-project test-role 29 Role Name: test-role 30 Description: 31 Policies: 32 p, proj:test-project:test-role, projects, get, test-project, allow 33 p, proj:test-project:test-role, applications, update, test-project/project, allow 34 JWT Tokens: 35 ID ISSUED-AT EXPIRES-AT 36 1696759698 2023-10-08T11:08:18+01:00 (3 hours ago) <none> 37 38 # Add a new policy to allow get logs to the project 39 $ argocd proj role add-policy test-project test-role -a get -p allow -o project -r logs 40 41 # Policy should be updated 42 $ argocd proj role get test-project test-role 43 Role Name: test-role 44 Description: 45 Policies: 46 p, proj:test-project:test-role, projects, get, test-project, allow 47 p, proj:test-project:test-role, applications, update, test-project/project, allow 48 p, proj:test-project:test-role, logs, get, test-project/project, allow 49 JWT Tokens: 50 ID ISSUED-AT EXPIRES-AT 51 1696759698 2023-10-08T11:08:18+01:00 (3 hours ago) <none> 52 53 ``` 54 55 ### Options 56 57 ``` 58 -a, --action string Action to grant/deny permission on (e.g. get, create, list, update, delete) 59 -h, --help help for add-policy 60 -o, --object string Object within the project to grant/deny access. Use '*' for a wildcard. Will want access to '<project>/<object>' 61 -p, --permission string Whether to allow or deny access to object with the action. This can only be 'allow' or 'deny' (default "allow") 62 -r, --resource string Resource e.g. 'applications', 'applicationsets', 'logs', 'exec', etc. (default "applications") 63 ``` 64 65 ### Options inherited from parent commands 66 67 ``` 68 --argocd-context string The name of the Argo-CD server context to use 69 --auth-token string Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable 70 --client-crt string Client certificate file 71 --client-crt-key string Client certificate key file 72 --config string Path to Argo CD config (default "/home/user/.config/argocd/config") 73 --controller-name string Name of the Argo CD Application controller; set this or the ARGOCD_APPLICATION_CONTROLLER_NAME environment variable when the controller's name label differs from the default, for example when installing via the Helm chart (default "argocd-application-controller") 74 --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server 75 --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. 76 --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. 77 -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) 78 --http-retry-max int Maximum number of retries to establish http connection to Argo CD server 79 --insecure Skip server certificate and domain verification 80 --kube-context string Directs the command to the given kube-context 81 --logformat string Set the logging format. One of: json|text (default "json") 82 --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") 83 --plaintext Disable TLS 84 --port-forward Connect to a random argocd-server port using port forwarding 85 --port-forward-namespace string Namespace name which should be used for port forwarding 86 --prompts-enabled Force optional interactive prompts to be enabled or disabled, overriding local configuration. If not specified, the local configuration value will be used, which is false by default. 87 --redis-compress string Enable this if the application controller is configured with redis compression enabled. (possible values: gzip, none) (default "gzip") 88 --redis-haproxy-name string Name of the Redis HA Proxy; set this or the ARGOCD_REDIS_HAPROXY_NAME environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis-ha-haproxy") 89 --redis-name string Name of the Redis deployment; set this or the ARGOCD_REDIS_NAME environment variable when the Redis's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis") 90 --repo-server-name string Name of the Argo CD Repo server; set this or the ARGOCD_REPO_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-repo-server") 91 --server string Argo CD server address 92 --server-crt string Server certificate file 93 --server-name string Name of the Argo CD API server; set this or the ARGOCD_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-server") 94 ``` 95 96 ### SEE ALSO 97 98 * [argocd proj role](argocd_proj_role.md) - Manage a project's roles 99