Creating policy with access to specific policies

gwynnbleid777 · November 26, 2019, 5:41pm

Hello to everyone!
I need to create an ACL policy for a person, who should give only specified ACL policies (by wildcard) to other users, and only this policies should be available for choice in editing entity menu.

I searched in documentation (https://learn.hashicorp.com/vault/identity-access-management/iam-policies) but haven’t found an answer, tried to configure my policy for limiting access to all policies like this :

path “sys/policies/acl/xxx*” {
capabilities = [ “read”, “list”]
}

where xxx* is regexp for policies to be accessed (xxxPolicy1, xxxPolicy2, etc)
but still has got no luck.

braudel · February 23, 2021, 3:10pm

Did you find a solution for this?

I am facing the same issue. I have 2 teams, which have permissions to create policies under their own “paths” (sys/policies/acl/team-1, sys/policies/acl/team-2)… But currently a role created by either team under their paths cat use a policy under the other team’s path.

Is it possible to restrict groups to only a subset of policies ie team-2 can only use policies under sys/policies/acl/team-2 ?

Topic		Replies	Views
ACL policy creation Vault	1	528	October 21, 2020
Policy to user to manage particular group Vault	1	271	May 25, 2021
Allow user to update/delete certain policies(Hashicorp Vault) Vault vault	0	355	August 17, 2021
How can I securely manage users who have permission to create policies Vault vault	6	317	May 17, 2022
Restrict creating tokens to policies with a subset of privileges Vault vault	0	19	December 13, 2024

Creating policy with access to specific policies

Related topics