Example 3: Restrict by container name
Here we want all users from groups group1 and group2 to manage only containers whose names start with foo-, bar- or $USER-. Otherwise, read-only actions are permitted. All administrators are allowed to manage all containers. Anonymous and all other users cannot do anything.
---
- description: Admins can do everything.
               Users from groups are restricted by container name. Or read-only.
               Anonymous users cannot do anything.
  hosts:
    - +.*
  default: Deny
  policies:
    - members:
        - administrators
      rules:
        any:
          Allow:
    - members:
        - user_group1
        - user_group2
      rules:
        containers:
          ContainerName:
            - ^foo-
            - ^bar-
            - ^$USER-
        any:
          ReadOnly:
...
---
user_group1:
  - jre
  - sve
user_group2:
  - cjo
  - mgr
administrators:
  - rda
  - mal
...
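The outcome this policy is meant to produce can be checked with a small Python model before it is deployed. This is an added example, not the project's own code: `decide`, `name_allowed` and the `read_only` flag are hypothetical names, and it assumes that `$USER` expands to the authenticated user name and that a non-matching container name falls back to the read-only rule, as the description above states.

```python
import re

# Constructed copies of the two YAML documents above, as Python data.
GROUPS = {
    "user_group1": ["jre", "sve"],
    "user_group2": ["cjo", "mgr"],
    "administrators": ["rda", "mal"],
}
NAME_PATTERNS = ["^foo-", "^bar-", "^$USER-"]


def groups_of(user):
    """Return the set of groups a user belongs to (empty for anonymous)."""
    return {g for g, members in GROUPS.items() if user in members}


def name_allowed(user, container_name):
    """Assumption: $USER expands to the authenticated user name.
    The name is regex-escaped here (this example's choice) so that
    metacharacters in a user name cannot widen the pattern."""
    for pattern in NAME_PATTERNS:
        expanded = pattern.replace("$USER", re.escape(user))
        if re.match(expanded, container_name):
            return True
    return False


def decide(user, container_name=None, read_only=False):
    """Model of the outcome the text describes. `read_only` is a
    hypothetical flag marking a request that changes nothing."""
    if not user:
        return "Deny"                      # anonymous: default Deny
    groups = groups_of(user)
    if "administrators" in groups:
        return "Allow"                     # rule any: Allow
    if groups & {"user_group1", "user_group2"}:
        if container_name and name_allowed(user, container_name):
            return "Allow"                 # ContainerName matched
        return "Allow" if read_only else "Deny"   # any: ReadOnly
    return "Deny"                          # no policy matched
```

Because the patterns are anchored only at the start, `foo-` followed by anything matches, so the prefixes work as a namespace only if users cannot choose names that collide with another user's `$USER-` prefix.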