description: Allow groups to list projects
context:
  application: 'rundeck'
for:
  project:
  - allow: read
    match:
      name: '.*'
by:
  group: job_writer

---

description: Global write permissions to job_writer role
context:
  project: '.*'
for:
  resource:
  - equals:
      kind: 'node'
    allow: [read,refresh]
  - equals:
      kind: job
    allow: [create, delete]
  - equals:
      kind: event
    allow: [read]
  job:
  - allow: [create,read,update,delete,run,kill]
    match:
      name: '.*'
  node:
  - allow: [read, run, refresh]
    match:
      nodename: '.*'
by:
  group: job_writer