https://lakefs.io/ logo
Join SlackCommunities
Powered by
Hey all, I couldn't find `ci:*` actions in the "A...
# help
g
Hey all, I couldn't find 
ci:*
actions in the "Actions and Permissions" table: https://docs.lakefs.io/reference/authorization.html#authorization. What does this action stand for (e.g. 
ci:*
action in 
RepoManagementFullAccess
policy)?
g
Hey @Gal Bachar, 
ci
stands for continuous integration and it is used for actions, It is currently missing in the documentation, I will add them today. Thanks!
g
Hey @Guy Hardonag, It would be nice to see an example with 
deny
effect as well (in combination with an 
allow
effect)
g
Our implementation is base on AWS RBAC detailed documentation could be found at https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html You can find an explanation and some examples with allow and deny there.
g
Hey @Guy Hardonag, What does fs:ExportConfig stand for? It's not in the documentation: Authorization ExportSetConfiguration:
Copy code
{
  "statement": [
    {
      "action": [
        "fs:ExportConfig"
      ],
      "effect": "allow",
      "resource": "*"
    }
  ]
}
Also, please let me know what the purpose of ExportSetConfiguration is.. ExportSetConfiguration is included in fs:* (FSFullAccess). That is quite confusing, what is the purpose of including ExportSetConfiguration along with FSFullAccess?
Copy code
Admins
Policies: ["FSFullAccess", "AuthFullAccess", "RepoManagementFullAccess", "ExportSetConfiguration"]
g
Hey @Gal Bachar, 
fs:ExportConfig
is not used anymore, it was used in previous version of export. The reason you see the together it’s because both policies are attached to Admin group. I will update the Documentation.
3 Views
Open in Slack
PreviousNext
Powered by