Policy for Job Links

This section provides permissions and examples for policy for job link. In order to link jobs, the user must have not only permit link but also permit read on the job realm.

The following example permits "dev" role to link jobs running in the /sandbox/dev namespace. Note: In order to link jobs, permit read, update is also required. If permit read is missing, job not found error will be thrown.

job::/sandbox/dev {
    if (role == "dev") {
      permit read, update, link
    }
}

The following example permits "dev" role to link a job in the /dev/sourceJob namespace to a job in the /acme/targetJob namespace. Note that permit update is required on the job::/dev/sourceJob realm; otherwise, missing claim "permit update" policy error will be thrown.

job::/dev/sourceJob {
    if (role == "dev") {
        permit read, update, link
    }
}

job::/acme/targetJob {
    if (role == "dev") {
        permit read, link
    }
}