Search
Varnish Controller
Introduction Changelog Known Issues Upgrading Deprecation Version 6 Version 5 Version 4 Version 3 Version 2 Version 1 Versioning License Features System Overview Demo Concepts Agent Router RoutingRules Tag VCL Domain Deployment Certificates Roles VCLGroup Deployment Types API Logs Private/Shared Config/ConfigSets Authentication System Admin Regular Users Identity Provider Sessions Examples Authorization Organization Account Permission Examples CLI CLI Examples CLI Manual User Interface API API examples Invalidations Integrations Varnish Statistics Installation Quickstart NATS PostgreSQL Brainz API-GW Agents Routers Containers Identity Provider VCLI Graphical User Interface Mapped Ports Routing Plugins gRPC FAQ Examples Deploying VCL files Change a VCL file Purging multiple paths Banning paths Using Labels Certificates HTTP Routing Routing Decisions Private Agents Debugging Multiple Regions OIDC - Microsoft Entra (Azure AD) Staged Deployment Drain Traffic Config/ConfigSet Organizations

Permission

Permissions are assigned per account, organization and resource type. The permission is either read or write where write implies read.

The available resource type permissions are:

  • vclgroup
  • deployment
  • org - organizations
  • idp - identity provider
  • account - user accounts
  • file - files and also VCL
  • agent
  • perm - Permissions
  • domain
  • tag
  • session
  • routingrules
  • router
  • logentry - API logs

There are some caveats. Currently, system administrator is the only account able to perform the following operations.

  • Delete Agents
  • Delete Routers
  • Create Organizations
  • Delete Organizations
  • Assign the first user of a new organization

The reason for this is that Varnish Controller currently doesn’t support organization owned agents and tags.

Assigning Permissions

Organization user with full permissions can create new organization administrators. It is enough with write permissions to the resource type perm in order to make a user organization administrator. Since that implies that the user can add its own permissions. Hence, be careful what permissions is given to which users.

Revoking Permissions

Permissions can be revoked by a user that have write permissions to the perm resource.

See authorization examples for examples of permission handling.

Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
Varnish Helm Chart
Packages
Docker
News
Varnish Controller 6.6.3
Varnish Enterprise 6.0.13r10
Varnish Controller 6.6.2
Varnish Controller 6.6.1
Varnish Enterprise 6.0.13r9
News archive
Cookie Settings Privacy Policy Contact Us Press Branding
®Varnish Software, Wallingatan 12, 111 60 Stockholm, Organization nr. 556805-6203