Search
Varnish Controller
Introduction Changelog Known Issues Upgrading Deprecation Version 6 Version 5 Version 4 Version 3 Version 2 Version 1 Versioning License Features System Overview Demo Concepts Agent Router RoutingRules Tag VCL Domain Deployment Certificates VCLGroup Deployment Types API Logs Private/Shared Config/ConfigSets Authentication System Admin Regular Users Identity Provider Sessions Examples Authorization Organization Account Permission Examples CLI CLI Examples CLI Manual User Interface API API examples Invalidations Integrations Varnish Statistics Installation Quickstart NATS PostgreSQL Brainz API-GW Agents Routers Containers Identity Provider VCLI Graphical User Interface Mapped Ports Routing Plugins gRPC FAQ Examples Deploying VCL files Change a VCL file Purging multiple paths Banning paths Using Labels Certificates HTTP Routing Routing Decisions Organizations Private Agents Debugging Multiple Regions OIDC - Microsoft Entra (Azure AD) Staged Deployment Drain Traffic Config/ConfigSet

Authorization

Authorization consists of the things that happen after authentication has taken place. That is, after a user has logged in. It controls what resources a user owns and is able to manage.

A user can be part of one or more organization. For each organization, the user may have different permissions.

Resources

When a user creates a resource, it will be owned by the organization that the user is logged into. All users with read permissions for the specific resource type, in the organization, will be able to view the resource. The same applies to write permissions. If a user has write permission to the particular resource type, they may change the resource, even if they are not the original creator.

This means that all resources for an organization are available to all users in the organization. What decides if a user may view or modify a resource is up to the permission for the resource, which can be read or write. write permissions automatically imply read permissions.

Nested Resources

If a user wants to create a new VCLGroup that references a resource of type Domain, the user requires write access to resource type VCLGroup and also read permission for Domain. The domain specified must also be owned by the organization.

Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
Varnish Helm Chart
Packages
Docker
News
Varnish Enterprise 6.0.13r8
Varnish Helm Chart 1.6.1
Varnish Controller 6.5.0
Varnish Enterprise 6.0.13r7
Varnish Helm Chart 1.6.0
News archive
Cookie Settings Privacy Policy Contact Us Press Branding
®Varnish Software, Wallingatan 12, 111 60 Stockholm, Organization nr. 556805-6203