Search
varnish-controller7    authorization    permission
Varnish Controller 7 Changelog Version 7 Known Issues Upgrading Previous Versions Versioning License Features System Overview Demo Concepts Agent Router RoutingRules Git Tag Files Domain Certificates Roles VCLGroup ACME API Logs Private/Shared Config/ConfigSets Authentication System Admin Regular Users Identity Provider Sessions Examples Authorization Organization Account Permission Examples CLI CLI Examples CLI Manual User Interface API API examples Invalidations Integrations Varnish Statistics Installation Quickstart NATS PostgreSQL Brainz API-GW Agents Routers Containers Identity Provider VCLI Graphical User Interface Mapped Ports Routing Plugins gRPC Examples Deploying VCL files Change a VCL file Purging multiple paths Banning paths Using Labels Certificates HTTP Routing Routing Decisions Private Agents Debugging Multiple Regions OIDC - Microsoft Entra (Azure AD) Drain Traffic Config/ConfigSet Organizations

Permission

Permissions are assigned per account, organization and resource type. The permission is either read or write where write implies read.

There are some caveats. Currently, system administrator is the only account able to perform the following operations.

  • Delete Agents (except private)
  • Delete Routers (except private)
  • Create Organizations
  • Delete Organizations
  • Assign the first user of a new organization

Assigning Permissions

Organization user with full permissions can create new organization administrators. It is enough with write permissions to the resource type perm in order to make a user organization administrator. Since that implies that the user can add its own permissions. Hence, be careful what permissions is given to which users.

Revoking Permissions

Permissions can be revoked by a user that have write permissions to the perm resource.

See authorization examples for examples of permission handling.

Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
Varnish Helm Chart
Packages
Docker
News
Varnish Controller 7.0.0
Varnish Enterprise vulnerability in MSE4 when handling range requests
HTTP/1 client-side desync vulnerability
Varnish Controller 6.6.8
Container images updated to Debian bookworm
News archive
Cookie Settings Privacy Policy Contact Us Press Branding
®Varnish Software, Wallingatan 12, 111 60 Stockholm, Organization nr. 556805-6203