27 Sep 2024 11:17 AM - last edited on 30 Sep 2024 06:55 AM by MaciejNeumann
We enabled GRAIL in our environment and need your help to create generic GRAIL policy using RBAC permission. Its not feasible to write 6k+ policies for each management zone. I want to write one to restrict user access to their respective MZ's.
30 Sep 2024 01:16 PM
Hi @nicemukesh ,
You can simply add ALLOW storage:logs:read for allowing read permissions to logs for the users. By default, if I have permission to only one management zone, I will be able to view logs only for that management zone. You need not configure any other permissions.
The control is essentially at the access level not at this policy level.
Regards,
Maheedhar Talluri.