Search
Varnish Controller
Introduction Changelog Known Issues Upgrading Deprecation Version 6 Version 5 Version 4 Version 3 Version 2 Version 1 Versioning License Features System Overview Demo Concepts Agent Router RoutingRules Tag VCL Domain Deployment Certificates VCLGroup Deployment Types API Logs Private/Shared Config/ConfigSets Authentication System Admin Regular Users Identity Provider Sessions Examples Authorization Organization Account Permission Examples CLI CLI Examples User Interface API API examples Invalidations Varnish Statistics Installation Quickstart NATS PostgreSQL Brainz API-GW Agents Routers Containers Identity Provider VCLI Graphical User Interface Mapped Ports Routing Plugins gRPC FAQ Examples Deploying VCL files Change a VCL file Purging multiple paths Banning paths Using Labels Certificates HTTP Routing Routing Decisions Organizations Private Agents Debugging Multiple Regions Staged Deployment Drain Traffic Config/ConfigSet

Permission

Permissions are assigned per account, organization and resource type. The permission is either read or write where write implies read.

The available resource type permissions are:

  • vclgroup
  • deployment
  • org - organizations
  • idp - identity provider
  • account - user accounts
  • file - files and also VCL
  • agent
  • perm - Permissions
  • domain
  • tag
  • session
  • routingrules
  • router
  • logentry - API logs

There are some caveats. Currently, system administrator is the only account able to perform the following operations.

  • Delete Agents
  • Delete Routers
  • Create Organizations
  • Delete Organizations
  • Assign the first user of a new organization

The reason for this is that Varnish Controller currently doesn’t support organization owned agents and tags.

Assigning Permissions

Organization user with full permissions can create new organization administrators. It is enough with write permissions to the resource type perm in order to make a user organization administrator. Since that implies that the user can add its own permissions. Hence, be careful what permissions is given to which users.

Revoking Permissions

Permissions can be revoked by a user that have write permissions to the perm resource.

See authorization examples for examples of permission handling.

Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
Varnish Helm Chart
News
Varnish Enterprise 6.0.12r8
Varnish Helm Chart 1.3.0
A note on how Varnish handles an HTTP/2 CONTINUATION flood
Varnish Enterprise 6.0.12r7
Varnish Controller 6.0.2
News archive