Sha256: 2b7748e4331c7c57fd0ed9732dee64c731b9e90844a12d08e35bb6693ac080ea

Contents?: true

Size: 888 Bytes

Versions: 4

Compression:

Stored size: 888 Bytes

Contents

module Conjur
  module Policy
    module Types
      class Revoke < Base
        attribute :role, dsl_accessor: true
        attribute :member, kind: :role, dsl_accessor: true

        self.description = %(
Remove a [Role](#reference/role) grant. (contrast: [Grant](#reference/grant))

Some `revoke` operations have additional semantics beyond the role revocation:
        
* When a Layer is revoked from a Host, the automatic roles on the Layer are denied their
    privileges on the Host. Specifically, the `observe` role is denied `read` privilege,
    `use_host` is denied `execute`, and `admin_host` is denied `update`.

See also: [role-based access control guide](/key_concepts/rbac.html).
)

        self.example = %(
- !revoke
    role: !group soup_eaters
    member: !user you
)

        def to_s
          "Revoke #{role} from #{member}"
        end
      end
    end
  end
end
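
Added example (not part of the conjur-policy-parser source): a post-change check built on the Layer/Host semantics in the description above. It reads `!revoke` statements from the YAML AST, where tags survive, and lists privileges that should have been denied but still appear in a permission export. The `layer:<id>/<role>` and `host:<id>` id formats, the export layout, and the sample data are assumptions constructed for this example.

```ruby
require "psych"

# Privilege each automatic Layer role loses on the Host (from Revoke.description).
LAYER_ROLE_PRIVILEGE = {
  "observe" => "read", "use_host" => "execute", "admin_host" => "update"
}.freeze

# Walk the YAML AST and return [layer_id, host_id] for every `!revoke`
# whose role is a !layer and whose member is a !host.
def layer_host_revokes(policy_yaml)
  doc = Psych.parse(policy_yaml) # false for an empty document
  return [] unless doc && doc.root.is_a?(Psych::Nodes::Sequence)
  doc.root.children.filter_map do |stmt|
    next unless stmt.is_a?(Psych::Nodes::Mapping) && stmt.tag == "!revoke"
    attrs = stmt.children.each_slice(2).to_h { |k, v| [k.value, v] }
    role, member = attrs["role"], attrs["member"]
    next unless [role, member].all?(Psych::Nodes::Scalar)
    next unless role.tag == "!layer" && member.tag == "!host"
    [role.value, member.value]
  end
end

# Permissions that must be absent after the revoke, as [role, privilege, resource].
# The "layer:<id>/<role>" and "host:<id>" id formats are assumptions of this example.
def expected_denials(policy_yaml)
  layer_host_revokes(policy_yaml).flat_map do |layer, host|
    LAYER_ROLE_PRIVILEGE.map { |r, priv| ["layer:#{layer}/#{r}", priv, "host:#{host}"] }
  end
end

# Denials still present in an exported permission list (constructed layout).
def residual_privileges(policy_yaml, current_permissions)
  expected_denials(policy_yaml) & current_permissions
end

# Constructed sample input: one group revoke (ignored) and one layer/host revoke.
SAMPLE_POLICY = <<~YAML
  - !revoke
      role: !group soup_eaters
      member: !user you
  - !revoke
      role: !layer web
      member: !host app-01
YAML
SAMPLE_PERMISSIONS = [
  ["layer:web/use_host", "execute", "host:app-01"], # should be gone after the revoke
  ["group:ops", "read", "host:app-01"]              # unrelated, not flagged
].freeze

residual_privileges(SAMPLE_POLICY, SAMPLE_PERMISSIONS).each { |p| puts "residual: #{p.join(' ')}" }
```
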

Version data entries

4 entries across 4 versions & 2 rubygems

Version Path
conjur-policy-parser-0.12.0 lib/conjur/policy/types/revoke.rb
conjur-asset-policy-0.13.0 lib/conjur/policy/types/revoke.rb
conjur-asset-policy-0.12.0 lib/conjur/policy/types/revoke.rb
conjur-asset-policy-0.11.0 lib/conjur/policy/types/revoke.rb