Policy with * - user level

senthil1988 · July 26, 2022, 6:19pm

Let’s assume i am a vault user and i am the owner of my application namespace. If i create a policy with *, what is the maximum access I can get ?

Audit would like to know, if an user create a * policy how does that stop him/her from accessing the system level policies or root policies. I am certain that it restricts only to the namespace they are authorized to, and vault has an “implicit deny” permissions, but what does the backend technical configurations to this ?

Thanks in Advance

maxb · July 26, 2022, 10:45pm

All policy paths defined within namespaces, are relative to the namespace in which they are defined. So * within a namespace is effectively the-namespace-name/*.

aram · July 27, 2022, 5:46am

@jeffsanicola has this readme page which makes it clearer:

Topic		Replies	Views
Overlapping policies in different namespaces causing unexpected behavior Vault vault	1	27	August 15, 2024
Vault Namespace - shutdown / disable access Vault	2	274	August 25, 2022
HashiCorp Vault - Deny login access to Root namespace for non-Admin users Vault	11	1012	July 2, 2022
Granting access in root namespce Vault vault	0	307	December 9, 2020
Best practices on mounts and paths Vault vault	1	741	August 26, 2021

Policy with * - user level

Related topics