How to customize(restrict) builtin role:admin
policy?
#20259
-
https://github.com/argoproj/argo-cd/blob/master/assets/builtin-policy.csv Can we add some restriction to For example, we manage Argo CD itself via Application named |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
It is better to create your own policy from scratch. The "admin" and "readonly" offered by Argo CD are just starting points. |
Beta Was this translation helpful? Give feedback.
-
Just curious I tried to make "partial deny" policy for builtin configs:
rbac:
policy.csv: |
p, role:admin, applications, delete, argo-cd/*, deny This policy forbids user as |
Beta Was this translation helpful? Give feedback.
It is better to create your own policy from scratch. The "admin" and "readonly" offered by Argo CD are just starting points.