Reference » Services » Authorization » Resource
Resources are the records on which permissions are defined. They are partitioned by "kind", such as "group", "host", "file", "environment", "variable", etc.
Permissions can have any name, but "create", "read", "execute", "update", and "delete" are standard.
A permission can be given to any role by the owner (creator) of a resource. A permission can be given with "grant option", which permits the role to grant the permission to others.
A resource is identified by a string in the form:
See also, Identifiers
Most CLI methods can accept short version of resource id:
The Role who creates a Resource is always the initial owner.
- Is always allowed to perform any action on the Resource (all permission checks are granted)
- Can give the Resource to another Role