[chef] Re: read only access to chef server

[Mark Mzyk < >]

Hey Koert,

Your best bet is probably to upgrade to Chef Server 12 and then use the more fine grained RBAC permissions it contains to manage this, although I don't believe there is a simple read only switch you can flip, so you'll likely have to play with the permission system to get things correct.

The webui gives you some access to manage this, although it is far from perfect (and the webui is only free for use up to 25 nodes), otherwise command line tools are available to manage this. knife-acl exists for this, but has lots of warnings around it, since it is modifying the underlying permissions of the system.

- Mark Mzyk

" type="cite">

" photoname="Koert Kuipers" src="jpgKPHoDmwJ2T.jpg" name="compose-unknown-contact.jpg" height="25px" width="25px">

" style="color:#737F92 !important;padding-right:6px;font-weight:bold;text-decoration:none !important;">Koert Kuipers

January 8, 2015 at 11:39 PM

hello!
we recently put a berks-api in front our chef server so that it can be our central repository for cookbooks. its working nicely.

but since Berkshelf files now reference our "inhouse supermarket" instead of git and/or path locations, it also means a lot more people need access to our chef server. for example anyone that does kitchen testing. but i dont want all those people to be able to upload or modify things in the chef-server. so how can i give them read only access? we are in chef server 11.

best, koert