Example CLI User Set Up
The following example will create a non-admin user named sarah and create a key. sarah will own the key and will be able to do things with it.
We will create a second user, named bob, and show he does not have access to sarah's key.
Next, we will add bob to a group. sarah will add a permission to the key, granting members of the group some permissions to the key. We'll then show that bob now has these permissions.
You can try these steps using the API playground, curl, or by using the CLI commands.
This exercise assumes that the user has already installed the CLI tool (ksctl
) and has created a config.yaml
file that is specific to their installation. Note that we will use the built-in user in some cases and override them in others. Any command without user/password credentials is using the built-in (admin) user.
Create a new user called sarah.
The response to the create user command is a user resource that looks like:
Now create an AES key, which will be owned by sarah.
We'll need to create a file containing the attributes of the key we want to create, then pass that file to the CLI tool:
Windows
Linux
All systems
The response to the create key command is a key resource that looks like:
sarah is the owner of the key, which grants her permission to read the key:
The response looks like:
Now we'll create a second user, named bob:
The response looks like:
We'll also create a new group eng and put bob in it:
The response looks like:
We will connect as bob and try to read the key. This will fail, since bob has no access to the key.
The response looks like:
Let us connect as sarah and give the eng group, of which bob is a member, permission to get info about the key.
Windows
Linux
All systems
The response looks like:
Now bob is able to get info about the key.
The response looks like: