urbinet
commented
2 years ago Here I leave the projects Projects75297.zip .
Open urbinet opened 2 years ago
urbinet
commented
2 years ago Here I leave the projects Projects75297.zip .
Unexpected unauthorized to execute a job using RunAs
From dev team I receive the following information: Is expected because the RunAs is only for log and not for that you will get the permissions of the other user.
Number case: 00075297 Customer: IQVIA Rundeck: 3.4.8 rpm
The customer has two projects, A and B. In the project A has one job that calls to a second job on the project B through inline script using rd cli. The rd cli command line is the following:
rd run -f -u anotherUser -p projectB -i 1700c8fb-cfcc-40f0-b74c-d64fc088d24d
Here calling a second job from projectB executing with another user runAs on acls. Then de second job calls a third job using a reference job workflow as runAs.
The acl local on project B is the following:
The global acls are the following:
For project A is:
For project B is:
From dev team I receive the information that the RunAs is only for log and not for that you will get the permissions of the other user https://docs.rundeck.com/docs/administration/security/authorization.html#project-scope-resources-and-actions