controlled-user-shared-workspace-resource/read

broadinstitute · Jul 30, 2024 · 6d5c241 · 6d5c241
1 parent 1871644
commit 6d5c241
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf
@@ -285,6 +285,12 @@ resourceTypes = {
       reader = {
         roleActions = ["read"]
       }
+      rawls = {
+        roleActions = [
+          # rawls needs read workspace storage containers for clone operation
+          "read"
+        ]
+      }
     }
     reuseIds = false
   }

diff --git a/src/main/resources/sam.conf b/src/main/resources/sam.conf
@@ -363,6 +363,19 @@ resourceAccessPolicies {
         ]
       }
     }
+    controlled-user-shared-workspace-resource {
+      rawls {
+        memberEmails = [
+          ${?RAWLS_SERVICE_ACCOUNT}
+        ]
+        descendantPermissions = [
+          {
+            resourceTypeName = "controlled-user-shared-workspace-resource",
+            roles = ["rawls"]
+          }
+        ]
+      }
+    }
     kubernetes-app {
       rawls {
         memberEmails = [