
Chef 360 Platform managed policies

Chef 360 Platform managed policies are defined and managed by Progress Chef and can’t be modified by users. These policies define a set of default allowed actions and are added to Chef 360 Platform managed roles, giving users with those roles the corresponding privileges.

Chef 360 Platform has the following system managed policies.

authz-policy-role-management

Permits managing roles, policies, and actions such as creating, updating, enabling, disabling, deleting, listing, and verifying arrays of routes and HTTP methods to test a policy or role.

courier-manage-courier-jobs

Permits creating, getting, deleting, listing, and retrieving scheduled jobs. Also permits getting request headers for a job by its identifier, replacing a job with a new job, canceling all future occurrences of a job, getting future execution times for a job, and marking the specified job as having been activated.

courier-manage-global-exceptions

Permits getting, adding, deleting, updating, and scheduling exception rules. Also permits getting scheduling exception rules using the exception rule identifier.

courier-track-courier-jobs

Permits getting, updating, and listing job instances. Also permits capturing the state of a job that’s about to start, getting and updating a job run, notifying the system state that a job run has been received, retrieving and updating all step results for the given run, and adding and getting evidence for a job run.

license-management-policy

Permits a tenant administrator to manage all license-related operations such as getting assets, entitlements, features, and licenses. Also grants permission to download, load, upload, sync, enable, disable, remove, and validate licenses.

license-usage-policy

Permits tenant administrators to manage license usage, audit, and inventory.

manage-node-cohorts

Permits listing, adding, getting, and deleting node cohorts under node management. Also permits updating a node cohort’s override settings group and updating a node cohort’s skill assembly.

manage-override-settings

Permits adding, getting, deleting, and updating override settings for a skill. Also permits adding and updating global default settings and getting merged global and override settings.

manage-skill-assembly

Permits listing, adding, getting, updating, and deleting skill assemblies under node management.

manage-skill-definitions

Permits listing, adding, getting, updating, and deleting skill definitions under node management.

manage-tags

Permits setting, deleting, and updating tags under node management.

node-accounts-admin-policy

Permits registering a node, assigning a new role to a given node, deleting a node, disabling and enabling a node and its assigned role, rotating credentials, and verifying a node against a role.

node-accounts-viewer-policy

Permits viewing nodes, node roles, and node authorization information.

node-enrollment

Permits enrolling one or more nodes with Node Management, and getting and updating node enrollment status.

node-specific-details

Permits listing, registering, getting, updating, and checking in nodes and node settings. Also permits deleting and updating the attributes with the given namespace and setting, deleting, and updating tags under Node Management.

node-management-manage-node-filters

Permits listing, adding, getting, updating, and deleting node filters under Node Management. Also permits saving node filters, adding skills to each node returned from a filter, and running an ad-hoc node filter.

node-management-manage-saved-lists

Permits getting, adding, and deleting the node lists under node management. Also permits adding and deleting node IDs to a static node list and adding a skill to all nodes in a node list.

self-manager-policy

Permits users to manage their own accounts, such as viewing roles, the current active role, organizations, and their current organization. Also permits listing, creating, deleting, and revoking their API tokens and registering, deregistering, enabling, and disabling devices.

system-organization-manage

Permits tenant administrators to manage an organization. Allowed actions include create, read, verify, update, enable, and disable organizations associated with the given organization ID.

system-organizations-viewer

Permits a tenant administrator to view all organizations within the current tenant.

user-accounts-identity-operations

Permits a tenant administrator to create and list users, read and update user details associated with a user ID, delete users, expire a user password, and enable and disable a user associated with a user ID.

user-accounts-manage-policy

This policy permits listing identity users, users, and user roles.

user-accounts-manage-api-token-policy

Permits creating or listing API tokens, verifying a token, revoking a user’s API token in the current organization, and getting OAuth authorization codes and JSON Web Tokens for the current tenant.

user-accounts-manage-users-policy

Permits managing user actions such as adding a user to the current organization, assigning roles to users, creating batches of users and assigning roles to them, disabling and enabling a user and its assigned roles, and deleting a user and its assigned role.

application_key_access_policy

Permits users to manage application keys. Allowed actions include create, read, update, rotate, enable, disable, and delete application keys for the organization.

node_approve_policy

Permits users to approve nodes that are enrolled through self-enrollment and are waiting for approval. Allowed actions include approving a node using its node ID.
