Re: How to restrict the User from extending the path


When a user is entering credentials in the HashiCorp Vault UI, how do you prevent the user from extending the path?

My ACL policy:

path "provision/" {
  capabilities = ["list"]
}
path "provision/data/+/azrscmbi/dev" {
  capabilities = ["create", "read", "update", "patch", "delete", "list"]
}

Here, the user can extend the path on his own. At the same time, I want him to be able to store credentials on the path which I provide in the policy. However, I don’t want him to be able to extend the path. The user would be allowed to create a file for storing the key and value, according to the path I specify in the policy.

When I removed create from the capabilities, the user was unable to create a file to store the key and value. My goal is to restrict only the creation of folders.


The policy you have posted doesn’t allow that.

You must have other policies granting more access.

Nope, I am damn sure. Because there is no other policy in my vault server.

Perhaps special characters in your policy have been interpreted as formatting codes by the forum software, and removed.

Please check, and repost it as a code block (```)

Nope, I tried; it does not work. Is there another way to achieve this?

I stand by what I previously said.
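
An added example, not part of the original thread and not Vault's own code: a simplified model of Vault's documented policy path matching (exact match, `+` for exactly one path segment, `*` only as a trailing prefix glob), run against the two stanzas as they appear in the post. The names `stanza_matches` and `capabilities_for` and the sample request paths (`team1`, `extra`) are constructed for illustration.

```python
# Added example: simplified model of Vault ACL path matching (not Vault's code).
POLICY = {  # stanzas transcribed from the post as it appears on the page
    "provision/": ["list"],
    "provision/data/+/azrscmbi/dev": [
        "create", "read", "update", "patch", "delete", "list"],
}

def stanza_matches(pattern, request):
    """Return True if a policy path pattern covers the request path."""
    glob = pattern.endswith("*")          # '*' only acts as a trailing prefix glob
    if glob:
        pattern = pattern[:-1]
    p_segs, r_segs = pattern.split("/"), request.split("/")
    if "+" not in p_segs:                 # no segment wildcard in this pattern
        return request.startswith(pattern) if glob else request == pattern
    if glob:
        if len(r_segs) < len(p_segs):
            return False
        # The last pattern segment is a prefix; everything after it is free.
        if not r_segs[len(p_segs) - 1].startswith(p_segs[-1]):
            return False
        p_segs = p_segs[:-1]
        r_segs = r_segs[:len(p_segs)]
    elif len(r_segs) != len(p_segs):      # '+' never spans a '/'
        return False
    return all(p == "+" or p == r for p, r in zip(p_segs, r_segs))

def capabilities_for(request, policy=POLICY):
    """Capabilities granted on a request path, or [] (default deny)."""
    hits = [caps for pat, caps in policy.items() if stanza_matches(pat, request)]
    if len(hits) > 1:
        # Vault picks the most specific stanza; that ranking is not modelled here.
        raise ValueError("more than one stanza matches: " + request)
    return hits[0] if hits else []

if __name__ == "__main__":
    for path in (                          # constructed request paths
        "provision/",
        "provision/data/team1/azrscmbi/dev",
        "provision/data/team1/azrscmbi/dev/extra",
        "provision/data/a/b/azrscmbi/dev",
    ):
        print(f"{path:45} {capabilities_for(path)}")
```

Under this model the extended path gets no capabilities from the policy as posted; a stanza ending in `*` would cover it, which is why the exact characters of the policy matter.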