[chef] knife-acl: how to change global permissions?

[Tiago Cruz < >]

Ohai again!

I'm testing Chef 12 and ACL's, but I can't find a way to change my "Global Permissions: cookbooks"

Today, to "cookbook show" my cookbooks, the user MUST be in at least, "admin, clients or users" group.

But I would like to create a new group with minimium privilege such permission in only one cookbook. To do so, I must remove the user from "users" group, but sounds like I'm stuck on Global Permission:

$ knife group add actor read-only teste
$ knife group remove actor users teste

$ knife cookbook show support -c knife-teste.rb
ERROR: You authenticated successfully to https://10.112.81.166 as teste but you are not authorized for this action
Response:  missing read permission

$ knife acl add cookbooks support read group read-only
$ knife acl add cookbooks support update group read-only

$ knife cookbook upload support -V -c knife-teste.rb
INFO: HTTP Request Returned 403 Forbidden: error
ERROR: You authenticated successfully to https://10.112.81.166 as teste but you are not authorized for this action
Response:  missing read permission

Any ideas? Thanks a lot!

--
-- Tiago Cruz