Puppet Enterprise comes with many features, one of which is the role-based access control (RBAC) system that allows us to fine-tune who has access over what within our Puppet Enterprise setup. In this hands-on lab, we’ll use RBAC to set up a tiered system of access for our admins by following the “principle of least privilege” to ensure our Puppet setup is not a security vulnerability in and of itself. We’ll also create accounts for some of our users and ensure those accounts are assigned the appropriate roles.
Successfully complete this lab by achieving the following learning objectives:
- Add user roles for tier 1, 2, and 3 admins
Expand the Access control menu and click User roles.
Create a role with the name T1 Admins and the description Permissions for newly-minted admins. Click Add role.
Click on T1 Admins to edit the newly-created role, then move to the Permissions tab.
Select Console from the dropdown menu. Then click Add.
Next, set the dropdown to Node groups, then select View. Set the instance to Development environment (development). Add.
Repeat the above process for the production environment.
Then, set the dropdown to Tasks, then set the instance to package. Change the permitted nodes to Node group, then set the new dropdown to Development environment (development). Add.
Repeat the above process for the
Commit 6 changes when done.
Return to the User roles page and repeat this process for the other two admin tiers.
- Create users
From the main navigation, click on Users.
Set the full name of the first user to Ollie and the login to olliep. Click Add local user.
Repeat this process until all users are added.
- Add users to the appropriate role
From the main navigation, return to User roles.
Select T1 Admins.
Select Andy from the dropdown and click Add user. Do the same for Ollie.
Commit 2 changes.
Repeat this process with the other two admin tiers.
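
As an added example (not part of the original lab and not Puppet's own tooling), the Python below audits a role against a least-privilege baseline once the steps above are complete, flagging extra grants, wildcard grants, missing grants and unexpected members. The dictionary layout, the permission and instance strings, and the user Sam are constructed for illustration; the baseline holds only the T1 Admins grants that the steps spell out in full.

```python
# Added example: audit an RBAC role against a least-privilege baseline.
# The dict layout and the permission/instance strings are constructed for
# illustration; they are not an export format taken from the lab.

T1_BASELINE = {
    "permissions": {
        ("console_page", "view", "*"),
        ("node_groups", "view", "development"),
        ("node_groups", "view", "production"),
        ("tasks", "run", "package@development"),
    },
    "users": {"Andy", "Ollie"},
}


def audit_role(role, baseline):
    """Return a list of (finding, detail) where the role deviates from the baseline."""
    granted = {tuple(p) for p in role["permissions"]}
    findings = []
    # Anything granted beyond the baseline breaks least privilege.
    for perm in sorted(granted - baseline["permissions"]):
        kind = "wildcard-grant" if perm[2] == "*" else "excess-permission"
        findings.append((kind, perm))
    # Anything missing means the role no longer matches what was intended.
    for perm in sorted(baseline["permissions"] - granted):
        findings.append(("missing-permission", perm))
    # Members who were never assigned to this tier.
    for user in sorted(set(role["users"]) - baseline["users"]):
        findings.append(("unexpected-member", user))
    return findings


# Constructed sample: a T1 Admins role that has drifted since it was created.
DRIFTED_T1 = {
    "display_name": "T1 Admins",
    "permissions": [
        ["console_page", "view", "*"],
        ["node_groups", "view", "development"],
        ["node_groups", "view", "production"],
        ["tasks", "run", "package@development"],
        ["tasks", "run", "*"],  # task run no longer scoped to one task/group
        ["node_groups", "edit_classification", "production"],
    ],
    "users": ["Andy", "Ollie", "Sam"],
}

if __name__ == "__main__":
    for kind, detail in audit_role(DRIFTED_T1, T1_BASELINE):
        print(f"{kind}: {detail}")
```

Running the same check for each tier after every committed change gives a quick record of when a role has grown beyond what was intended.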