Policy to user to manage particular group

gke · May 25, 2021, 7:31am

Hi,
I have a internal group - “test1”

Name - “test1”
Type - “internal”
ID - 484a112d-fd3b-de52-cf7d-ec6098d56bce

I am trying to create a group admin policy for specific user ( allow him to manage this particular group )

I tried following policy
path “identity/group/id/*” {
capabilities = [“create”, “read”, “update”, “delete”, “list”]
}} —> Give access to all groups

2 option
path “identity/group/id/484a112d-fd3b-de52-cf7d-ec6098d56bce” {
capabilities = [“create”, “read”, “update”, “delete”, “list”]
}}-----> Does not work

3 options
path “identity/group/id/*” {
capabilities = [“create”, “read”, “update”, “delete”, “list”]
allowed_parameters = {
“name” = [“test”]
}
}----> Give access to all groups

How to achieve group admin policy ?

mikegreen · May 25, 2021, 6:50pm

Are you wanting to hardcode the ID? You might want to use a template - ACL Policy Path Templating | Vault - HashiCorp Learn

Which should yield something like

path "identity/group/
{
  	capabilities = ["list"]
}

path "identity/group/id/{{identity.groups.names.<groupname>.id}}"
{
	capabilities = ["create", "read", "update", "delete", "list"]
}

Topic		Replies	Views
Creating policy with access to specific policies Vault	1	439	February 23, 2021
Allow user to update/delete certain policies(Hashicorp Vault) Vault vault	0	360	August 17, 2021
Allowing user to modify group memberships Vault	1	766	November 17, 2021
Vault secret access to specific group members Vault	1	1191	November 27, 2022
ACL policy creation Vault	1	528	October 21, 2020

Policy to user to manage particular group

Related topics