github.com/argoproj/argo-cd@v1.8.7/assets/builtin-policy.csv (about) 1 # Built-in policy which defines two roles: role:readonly and role:admin, 2 # and additionally assigns the admin user to the role:admin role. 3 # There are two policy formats: 4 # 1. Applications (which belong to a project): 5 # p, <user/group>, <resource>, <action>, <project>/<object> 6 # 2. All other resources: 7 # p, <user/group>, <resource>, <action>, <object> 8 9 p, role:readonly, applications, get, */*, allow 10 p, role:readonly, certificates, get, *, allow 11 p, role:readonly, clusters, get, *, allow 12 p, role:readonly, repositories, get, *, allow 13 p, role:readonly, projects, get, *, allow 14 p, role:readonly, accounts, get, *, allow 15 p, role:readonly, gpgkeys, get, *, allow 16 17 p, role:admin, applications, create, */*, allow 18 p, role:admin, applications, update, */*, allow 19 p, role:admin, applications, delete, */*, allow 20 p, role:admin, applications, sync, */*, allow 21 p, role:admin, applications, override, */*, allow 22 p, role:admin, applications, action/*, */*, allow 23 p, role:admin, certificates, create, *, allow 24 p, role:admin, certificates, update, *, allow 25 p, role:admin, certificates, delete, *, allow 26 p, role:admin, clusters, create, *, allow 27 p, role:admin, clusters, update, *, allow 28 p, role:admin, clusters, delete, *, allow 29 p, role:admin, repositories, create, *, allow 30 p, role:admin, repositories, update, *, allow 31 p, role:admin, repositories, delete, *, allow 32 p, role:admin, projects, create, *, allow 33 p, role:admin, projects, update, *, allow 34 p, role:admin, projects, delete, *, allow 35 p, role:admin, accounts, update, *, allow 36 p, role:admin, gpgkeys, create, *, allow 37 p, role:admin, gpgkeys, delete, *, allow 38 39 g, role:admin, role:readonly 40 g, admin, role:admin