diff options
author | Ola Aunrønning <olaa@verizonmedia.com> | 2020-05-15 14:19:15 +0200 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2020-05-15 14:19:15 +0200 |
commit | ac4379045e4ace271ec533886fe1e9a098d93f59 (patch) | |
tree | 901a602f2646122131a6cf6c13596d381eade8f8 /controller-api | |
parent | 0ec7ac1ca97a0bea97e606c5d5c82f1dfb593054 (diff) |
Give operators and supporters invoice read privileges
Diffstat (limited to 'controller-api')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index bc61ec6d97d..00550387db5 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -23,11 +23,14 @@ enum Policy { /** Full access to everything. */ operator(Privilege.grant(Action.all()) .on(PathGroup.allExcept(PathGroup.hostedAccountant)) - .in(SystemName.all())), + .in(SystemName.all()), + Privilege.grant(Action.read) + .on(PathGroup.hostedAccountant) + .in(SystemName.PublicCd)), /** Full access to everything. */ supporter(Privilege.grant(Action.read) - .on(PathGroup.allExcept(PathGroup.hostedAccountant)) + .on(PathGroup.all()) .in(SystemName.all())), /** Full access to user management for a tenant in select systems. */ |