This document walks you through the steps to follow in Harness NextGen to granularize RBAC at the level of individual pipelines in a project.
Let’s add/invite a user to an already existing project as a collaborator.
Now let’s create a resource group called ‘Front’ that includes only specific pipelines within the project.
Project > Access Control > Resource Groups
Next let’s create a role called ‘Test’ with pipeline execution permissions.
Project > Access Control > Roles
Now let’s create a user group called ‘Test-UserGroup’ with a role binding of the ‘Test’ role and the ‘Front’ resource group, and make the above user part of the user group.
With the above RBAC settings, we can see that pipeline execution is isolated for the above user.
Troubleshooting:
When this user tried to execute pipelines in the project, some of the connectors/secrets required by the pipeline were set up at the Org level/Account level. To fix this, we need to create a new role binding at the Org level/Account level for this user (a user group can be used for this as well) and provide access permissions to the required connectors & secrets.
This resolved the problem, and the user was only able to execute/run the specified pipelines.
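The role binding logic and the troubleshooting case above, as an added Python model (not Harness code and not the Harness API). The permission strings, the pipeline, connector and secret names, and the rule that a binding only covers resources at its own scope are assumptions made for illustration; only ‘Test’ and ‘Front’ come from this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    kind: str   # "pipeline", "connector" or "secret"
    name: str
    scope: str  # "project", "org" or "account"

@dataclass(frozen=True)
class Binding:
    scope: str              # scope where the role binding is created
    permissions: frozenset  # the role (set of permission strings)
    resources: frozenset    # the resource group, as (kind, name) pairs

def allowed(bindings, permission, res):
    # Simplifying assumption: a binding only covers resources at its own scope.
    return any(b.scope == res.scope and permission in b.permissions
               and (res.kind, res.name) in b.resources for b in bindings)

def can_execute(bindings, pipeline, deps):
    """Return (ok, blockers): the pipeline itself, or the dependencies lacking access."""
    if not allowed(bindings, "pipeline:execute", pipeline):
        return False, [pipeline]
    blockers = [d for d in deps if not allowed(bindings, d.kind + ":access", d)]
    return not blockers, blockers

# Constructed sample resources (hypothetical names).
FRONT_PIPE = Resource("pipeline", "frontend-deploy", "project")
OTHER_PIPE = Resource("pipeline", "backend-deploy", "project")
ORG_CONNECTOR = Resource("connector", "docker-registry", "org")
ACCOUNT_SECRET = Resource("secret", "registry-token", "account")
DEPS = [ORG_CONNECTOR, ACCOUNT_SECRET]

# 'Test' role + 'Front' resource group, bound at project scope via 'Test-UserGroup'.
PROJECT_BINDING = Binding("project", frozenset({"pipeline:execute"}),
                          frozenset({("pipeline", "frontend-deploy")}))
# The troubleshooting fix: extra bindings at Org and Account level, limited to
# the connector and secret the pipeline actually needs.
ORG_BINDING = Binding("org", frozenset({"connector:access"}),
                      frozenset({("connector", "docker-registry")}))
ACCOUNT_BINDING = Binding("account", frozenset({"secret:access"}),
                          frozenset({("secret", "registry-token")}))

if __name__ == "__main__":
    before = [PROJECT_BINDING]
    after = before + [ORG_BINDING, ACCOUNT_BINDING]
    print("before fix:", can_execute(before, FRONT_PIPE, DEPS))
    print("after fix: ", can_execute(after, FRONT_PIPE, DEPS))
    print("other pipeline:", can_execute(after, OTHER_PIPE, DEPS))
```

Keeping the Org and Account level resource groups restricted to the specific connectors and secrets preserves the isolation: the second pipeline stays blocked even after the fix.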