Chef 360 Platform managed policies

Chef 360 Platform managed policies are defined and managed by Progress Chef and can’t be modified by users. These policies define a set of default allowed actions and are added to Chef 360 Platform managed roles, giving users with those roles the corresponding privileges.

Chef 360 Platform has the following system-managed policies.

authz-policy-role-management

Permits managing roles, policies, and actions, such as creating, updating, enabling, disabling, deleting, and listing them; and verifying arrays of routes and HTTP methods to test a policy or role.

courier-manage-courier-jobs

Permits creating, getting, deleting, listing, and retrieving scheduled jobs; getting request headers for a job by its identifier; replacing a job with a new job; cancelling all future occurrences of a job; getting future execution times for a job; and marking the specified job as having been activated.

courier-manage-global-exceptions

Permits getting, adding, deleting, updating, and scheduling exception rules; and getting scheduling exception rules using the exception rule identifier.

courier-track-courier-jobs

Permits getting, updating, and listing job instances; capturing the state of a job that is about to start; getting and updating a job run; notifying the system state that a job run has been received; retrieving and updating all step results for the given run; and adding and getting evidence for a job run.

license-management-policy

Permits a tenant administrator to manage all license-related operations like getting assets, entitlements, features, and licenses; and grants permission to download, load, upload, sync, enable, disable, remove, and validate licenses.

license-usage-policy

Permits tenant administrators to manage license usage, audit, and inventory.

manage-node-cohorts

Permits listing, adding, getting, and deleting node cohorts under node management. Also permits updating a node cohort’s override settings group and updating a node cohort’s skill assembly.

manage-override-settings

Permits adding, getting, deleting, and updating override settings for a skill; adding and updating global default settings; and getting merged global and override settings.

manage-skill-assembly

Permits listing, adding, getting, updating, and deleting skill assemblies under node management.

manage-skill-definitions

Permits listing, adding, getting, updating, and deleting skill definitions under node management.

manage-tags

Permits setting, deleting, and updating tags under node management.

node-accounts-admin-policy

Permits registering a node, assigning a new role to a given node, deleting a node, disabling and enabling a node and its assigned role, rotating credentials, and verifying a node against a role.

node-accounts-viewer-policy

Permits viewing nodes, node roles, and node authorization information.

node-enrollment

Permits enrolling a node or nodes with Node Management, and getting and updating node enrollment status.

node-specific-details

Permits listing, registering, getting, updating, and checking-in nodes and node settings; deleting and updating the attributes with the given namespace; and setting, deleting, and updating tags under Node Management.

node-management-manage-node-filters

Permits listing, adding, getting, updating, deleting, and saving node filters under Node Management; adding skills to each node returned from a filter; and running an ad-hoc node filter.

node-management-manage-saved-lists

Permits getting, adding, and deleting node lists under node management. Also permits adding node IDs to and deleting node IDs from a static node list, and adding a skill to all nodes in a node list.

self-manager-policy

Permits users to manage their own accounts, like viewing roles, the current active role, organizations, and their current organization; listing, creating, deleting, and revoking their API tokens; and registering, deregistering, enabling, and disabling devices.

system-organization-manage

Permits tenant administrators to manage an organization. Allowed actions include creating, reading, verifying, updating, enabling, and disabling organizations associated with the given organization ID.

system-organizations-viewer

Permits a tenant administrator to view all organizations within the current tenant.

user-accounts-identity-operations

Permits a tenant administrator to create and list users, read and update user details associated with a user ID, delete users, expire a user password, and enable and disable a user associated with a user ID.

user-accounts-manage-policy

This policy permits listing identity users, users, and user roles.

user-accounts-manage-api-token-policy

This policy permits creating or listing API tokens, verifying a token, revoking a user’s API token in the current organization, and getting OAuth authorization codes and JSON Web Tokens for the current tenant.

user-accounts-manage-users-policy

This policy permits managing user actions like adding a user to the current organization; assigning roles to users; creating batches of users and assigning roles to them; disabling and enabling a user and its assigned roles; and deleting a user and its assigned role.
