Name		Name	Last commit message	Last commit date
parent directory ..
README.md		README.md
grants_authn.yml		grants_authn.yml
grants_cd.yml		grants_cd.yml
grants_ci.yml		grants_ci.yml
grants_host.yml		grants_host.yml
grants_user.yml		grants_user.yml
grants_vcs.yml		grants_vcs.yml

README.md

Grant Policies

All !grant policies should be loaded into the root branch.

What it is
How it can be declared
- Single resource membership
- Multiple resource membership
Common Root Branch Membership Grants

What it is

A !grant is the same as adding a member to a security group in Active Directory in Conjur's policy-as-code.

How it can be declared

Single resource membership

- !grant
  role: !group GroupName
  member: !user UserName

Multiple resource membership

- !grant
  role: !group GroupName
  members:
    - !user UserName
    - !host HostName
    - !group AnotherGroupName

Common Root Branch Membership Grants

User groups
- Admins
- Auditors
Vault Conjur Synchronizer consumer groups
Vault Conjur Synchronizer admin groups
Authenticator groups