Example 2: Read only / write

Here we want all users to have only the ability to execute read only commands whereas the administrators will have access the write commands too. Anonymous users cannot do anything.

policies.yml

---

- description: Admins can do everything.
               Authenticated users are restricted to read-only actions.
               Anonymous users cannot do anything.
  hosts:
    - +.*
  default: ReadOnly
  policies:
    - members:
        - administrators
      rules:
        any:
          Allow:

    - members:
        - anonymous
      rules:
        any:
          Deny:

...

groups.yml

---
anonymous:
  - Anonymous

administrators:
  - rda
  - mal
...