https://lakefs.io/ logo
#help
Title
# help
c

Cristian Caloian

03/17/2023, 12:22 PM
Hi, what policy do I need to set to give permissions for setting branch protection rules? I couldn’t find one that matches exactly the description, so I guess it must be covered by some other more general one. The user has permissions to see Actions, Settings>General and Settings>Retention, but does not have permission for Settings>Branches.
b

Barak Amar

03/17/2023, 12:27 PM
The
RepoManagementFullAccess
policy holds
branches:*
that should enable you to manage branch protection rules.
o

Oz Katz

03/17/2023, 12:31 PM
@Barak Amar I opened issue #5513 to track this - currently
branches:*
permissions are not documented.
c

Cristian Caloian

03/17/2023, 12:51 PM
Thanks 🙏 Would that have other “side” permissions? I’m wondering if it is too loose. Would this be a correct statement to restrict it to a specific repo?
Copy code
{
  "action": [
    "branches:*"
  ],
  "effect": "allow",
  "resource": "arn:lakefs:fs:::repository/<repository-name>"
}
b

Barak Amar

03/17/2023, 12:54 PM
Thanks @Oz Katz
@Cristian Caloian it should work as the actions currently checked are
branches:GetBranchProtectionRules
and
branches:SetBranchProtectionRules
c

Cristian Caloian

03/17/2023, 1:58 PM
It works! Thank a lot 🙏
😁 1
4 Views