Granting Access to the Catalog Screen

ENTERPRISE

Granting access to the Catalog screen

You can grant users access to the Catalog screen. By default, new users have no permissions.

Tip: This procedure grants full user access to the Catalog screen. If you are running in strict or permissive security mode and want to configure fine-grained user access, see the documentation.

Grant Access by using the web interface

Prerequisites:

  • A DC/OS user account without the dcos:superuser permission.
  1. Log in to the DC/OS web interface as a user with the superuser permission.

    Login

    Figure 1. DC/OS web interface login

  2. Select Organization and choose Users or Groups.

  3. Select the name of the user or group to grant the permission to.

    Add permission cory

    Figure 2. Select user or group to grant permissions to

  4. From the Permissions screen, click ADD PERMISSION.

  5. Click INSERT PERMISSION STRING to toggle the dialog.

    Add permission

    Figure 3. Insert Permission String

  6. Copy and paste the permission in the Permissions Strings field. Choose the permission strings based on your security mode and click ADD PERMISSIONS and then Close.

    Disabled

    dcos:adminrouter:package full
    

    Permissive

    dcos:adminrouter:package full
    

    Strict

    dcos:adminrouter:package full
    

Granting Access by using the API

Prerequisites:

Note:

  • Service resources often include / characters that must be replaced with %252F in curl requests, as shown in the examples below.
  • When using the API to manage permissions, you must create the permission before granting it. If the permission already exists, the API will return an informative message and you can continue to assign the permission.

Disabled

  1. Create the permission.

    curl -X PUT --cacert dcos-ca.crt \
    -H "Authorization: token=$(dcos config show core.dcos_acs_token)" \
    -H 'Content-Type: application/json' \
    $(dcos config show core.dcos_url)/acs/api/v1/acls/dcos:adminrouter:package  \
    -d '{"description":"Grants access to the Catalog screen"}'
    
  2. Grant the following privileges to the user uid.

    curl -X PUT --cacert dcos-ca.crt \
    -H "Authorization: token=$(dcos config show core.dcos_acs_token)" \
    $(dcos config show core.dcos_url)/acs/api/v1/acls/dcos:adminrouter:package/users/<uid>/full
    

    Note: To grant this permission to a group instead of a user, replace /users/<uid> with /groups/<gid>.

Permissive

  1. Create the permission.

    curl -X PUT --cacert dcos-ca.crt \
    -H "Authorization: token=$(dcos config show core.dcos_acs_token)" \
    -H 'Content-Type: application/json' \
    $(dcos config show core.dcos_url)/acs/api/v1/acls/dcos:adminrouter:package  \
    -d '{"description":"Grants access to the Catalog screen"}'
    
  2. Grant the following privileges to the user uid.

    curl -X PUT --cacert dcos-ca.crt \
    -H "Authorization: token=$(dcos config show core.dcos_acs_token)" \
    $(dcos config show core.dcos_url)/acs/api/v1/acls/dcos:adminrouter:package/users/<uid>/full
    

    Note: To grant this permission to a group instead of a user, replace /users/<uid> with /groups/<gid>.

Strict

  1. Create the permission.

    curl -X PUT --cacert dcos-ca.crt \
    -H "Authorization: token=$(dcos config show core.dcos_acs_token)" \
    -H 'Content-Type: application/json' \
    $(dcos config show core.dcos_url)/acs/api/v1/acls/dcos:adminrouter:package  \
    -d '{"description":"Grants access to the Catalog screen"}'
    
  2. Grant the following privileges to the user uid.

    curl -X PUT --cacert dcos-ca.crt \
    -H "Authorization: token=$(dcos config show core.dcos_acs_token)" \
    $(dcos config show core.dcos_url)/acs/api/v1/acls/dcos:adminrouter:package/users/<uid>/full
    

    Note: To grant this permission to a group instead of a user, replace /users/<uid> with /groups/<gid>.