How Can I Configure RBAC in the Replicated Vendor Portal To Limit Access?

Fernando_Cremer · February 1, 2022, 3:50pm

The Replicated Vendor Portal is where you can package releases, promote them to channels, analyze support bundles, and more!

Depending on your use case, you may have a need to limit what areas of the Vendor Portal are accessible to users.

If you are on our Enterprise Plan, you have access to custom RBAC rules. In this example, let’s say we want to limit access for our Sales Team to only have access to a specific application and only to specific channels.

To access RBAC rules, select Team on the upper right hand corner of the Vendor Portal.

On the Team menu, select RBAC.

Once on the RBAC window, click on Create policy

Provide a Name and Description for the policy. The default policy is optimistic in that it allows everything by default.

In this example we are modifying it with the following content below. Please keep in mind that the contents below will not work for you as this is using unique identifiers available only on my account:

{
  "v1": {
    "name": "Policy Name",
      "resources": {
        "allowed": [
          "kots/app/orZa6iRlfIdFBtint8LJsHuJHGlfTax8/list",
          "kots/app/orZa6iRlfIdFBtint8LJsHuJHGlfTax8/read",
          "kots/app/orZa6iRlfIdFBtint8LJsHuJHGlfTax8/channel/4nDCYitga9UIpO0-4YiS-JKyAqgLcmCD/list",
          "kots/app/orZa6iRlfIdFBtint8LJsHuJHGlfTax8/channel/4nDCYitga9UIpO0-4YiS-JKyAqgLcmCD/read",
          "kots/app/orZa6iRlfIdFBtint8LJsHuJHGlfTax8/license/**"
        ],
        "denied": []
      }
  }
}

Let’s break this down further. As you can see we replaced **/* with several policies. These policies are what gives explicit permissions.

For reference, all of the available resources are available here. Keep in mind, however, that this page includes resources for other products that are no longer in active maintenance.

For this example, we are going to use the kots/app resources.

In order to give explicit permission to our app, we will need its ID. To limit access to only one channel, we will need to get its ID as well.

To get the Application ID, you can either use the Vendor CLI command or go to Settings and then click on the Show Application ID (Advanced) link on the Vendor Portal:

In my applicaiton, the id is orZa6iRlfIdFBtint8LJsHuJHGlfTax8

To get the channel ID, we could also either use a Vendor CLI command or go to Channels, and on the channel we want to give access click on the “Release History” link:

In the URL you will see the channel ID as highlighted below.

Now any user that belongs to this group, will only have access to the application and only the channels we want them to.

Topic		Replies	Views
What are the minimum RBAC permissions required to install Replicated Application Manager? Supporting your customers kots	0	213	January 18, 2023
KOTS: Existing Cluster: Conditionally Specify Minimal RBAC Packaging an application	2	574	June 28, 2022
What are the specific permissions required by KOTS in minimal RBAC installations? Supporting your customers kots	1	200	December 23, 2022
RBAC permissions required by KOTS in an existing cluster? Supporting your customers	0	674	June 11, 2020
Existing Cluster Install: Using Custom RBAC roles Supporting your customers airgap , rbac , existing-cluster , openshift	1	398	December 23, 2022

How Can I Configure RBAC in the Replicated Vendor Portal To Limit Access?

Related Topics