Incorrect Grants when setting anonymous read permissions (#1185)

5 years ago · f493fd3252
parent f32e7f9144
commit f493fd3252
1 changed files with 2 additions and 2 deletions
--- a/website/content/docs/installing/no-gen-resources.mdx
+++ b/website/content/docs/installing/no-gen-resources.mdx
@ -302,7 +302,7 @@ $ boundary roles create -name 'global_anon_listing' \
 $ boundary roles add-grants -id <global_anon_listing_id> \
  -recovery-config /tmp/recovery.hcl \
  -grant 'id=*;type=auth-method;actions=list,authenticate' \
-  -grant 'type=scope;actions=list' \
+  -grant 'id=*;type=scope;actions=list,no-op' \
  -grant 'id={{account.id}};actions=read,change-password'

 $ boundary roles add-principals -id <global_anon_listing_id> \
@ -318,7 +318,7 @@ resource "boundary_role" "global_anon_listing" {
  scope_id = "global"
  grant_strings = [
    "id=*;type=auth-method;actions=list,authenticate",
-    "type=scope;actions=list",
+    "id=*;type=scope;actions=list,no-op",
    "id={{account.id}};actions=read,change-password"
  ]
  principal_ids = ["u_anon"]