cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Generic Grail POLICY for more than 6K+ management zones

nicemukesh
Contributor

We enabled GRAIL in our environment and need your help to create generic GRAIL policy using RBAC permission. Its not feasible to write 6k+ policies for each management zone. I want to write one to restrict user access to their respective MZ's.

1 REPLY 1

Maheedhar_T
Advisor

Hi @nicemukesh ,
You can simply add ALLOW storage:logs:read for allowing read permissions to logs for the users. By default, if I have permission to only one management zone, I will be able to view logs only for that management zone. You need not configure any other permissions.

The control is essentially at the access level not at this policy level.

Regards,
Maheedhar Talluri.

Maheedhar

Featured Posts