gnawing at the following project level ACL, which we derived from examples given by pagerduty:
description: Admin, all access.
for:
resource:
- equals:
kind: job
allow: [create] # allow create jobs
- equals:
kind: node
allow: [read,create,update,refresh] # allow refresh node sources
- equals:
kind: event
allow: [read,create] # allow read/create events
adhoc:
- allow: [read,run,runAs,kill,killAs] # allow running/killing adhoc jobs
job:
- allow: [create,read,update,delete,run,runAs,kill,killAs] # allow create/read/write/delete/run/kill of all jobs
node:
- allow: [read,run] # allow read/run for node
storage:
- allow: [read,create,update,delete] # allow access to key storage
by:
group: [my_group]
with this generous acl in place, the user will still not see the “project settings” icon, and thus only has access to the key storage when entering the URL.
My question: which ACL will ensure that the project settings is offered in the navigation?
Thanks, Tom