Skip to main content

Access Policy Details

< create overview | access policy create workflow

Access Policy Create Details

Overview

  • Identification and Description: Provide clear names to help your team understand the policy's purpose and configuration.

📚 For more details on key points, refer to the overview section.
📚 Explore the properties section for additional information on each UI property.


CLI Instructions

CLI Commands - Quick Reference

InstructionCLI Command
List all access policieswf get globalaccesspolicies
View a access policy's manifest in consolewf get globalaccesspolicies POLICYNAME -o yaml
Output a access policy's manifest to filewf get globalaccesspolicies POLICYNAME -o yaml > MYPOLICY.yaml
Apply a access policy's manifest from filewf apply -f MYPOLICY.yaml

Create a new access policy

The best way to create a new cluster access policy is to copy an existing one.

Follow these steps:

  1. Check which cluster access policies already exist using the wf get globalaccesspolicies command.
 wf get globalaccesspolicies
NAME DESCRIPTION STATUS ENABLED AGE
admin.accesstoken Allows workspace owners to assign deployment roles to access tokens Success Unknown 537d
admin.accesstoken.serviceaccounttoken Allows workspace owners to assign service account token roles to access tokens Success true 336d
admin.alpha Access to administrate the alpha stage Success true 173d
admin.nonprod Admin access to non-production clusters Success Unknown 553d
admin.prod Admin access to production clusters Success Unknown 553d
editor.nonprod Editor access to non-production clusters Success Unknown 553d
editor.prod Editor access to production clusters Success Unknown 553d
secretsviewer.nonprod Secrets read access to non-production clusters Success Unknown 553d
secretsviewer.prod Secrets read access to production clusters Success Unknown 553d
support Temporary troubleshooting access to clusters including exec and logs for pods Success Unknown 553d
viewer.nonprod View access to non-production clusters Success Unknown 553d
viewer.prod View access to production clusters Success Unknown 553d

  1. Get the yaml from an existing policy:
wf get globalaccesspolicies admin.nonprod -o yaml > MYPOLICY.yaml

This copies the the admin.nonprod access policy and places it in a file MYPOLICY.yaml.


  1. Edit the access policy template section of the file as needed. Make sure to change the metadata name to a new name, to indicate that you wish to make a new cluster access policy. Thereafter, apply the file:
wf apply -f MYPOLICY.yaml


Web Interface Instructions

Note that Wayfinder's User Interface has several sections you need to follow in order to create a new access policy. Below only outlines the Details section.

Steps

  • Expand Admin, and then navigate to Policy > Cluster Access
  • Click the +Cluster Access Policy button
  • Fill in the details as outlined in the properties section.
  • Click Continue to proceed

Screenshot(s)

Create Access Policy - Details Section


Properties

FieldDescription
NameThe name of the access policy.
DescriptionA short description describing the purpose of the access policy.


What comes next?