Policies
A policy defines permissions for users to perform specific actions on particular resources. A policy can apply to teams and API Tokens as well. Identity and Access Management policies manage identities and their permissions. They are mainly composed of statements. Chef Automate has two types of policies: Chef-managed and custom. Chef-managed policies are created and maintained by Chef. They are integral to the operation of Chef Automate and cannot be changed. Users can create custom policies according to their needs and can add, edit, and delete statements in them. Custom policies are made using the Policies API. There are two main custom policies in Chef Automate, Compliance Viewers and Compliance Editors.

Source: Chef Docs
Roles
A role is an identity with a set of permissions that grants access to resources and allows one to perform specific actions. There are two types of roles in Chef Automate: Chef-managed and custom roles. The Chef-managed roles are managed by Chef Automate and cannot be modified.
- Viewer: It allows you to view everything in the system except IAM.
- Editor: It can do everything in the system except IAM and license application.
- Owner: It can do everything in the system, including IAM.
- Project Owner: Besides everything an editor can do, it allows one to view and assign projects.
- Ingest: It can ingest data into the system.
The custom roles can be created using the Roles API and are editable by users. There are two custom roles in Chef Automate.
- Compliance Viewer: It allows viewing compliance resources.
- Compliance Editor: It allows editing compliance resources.
Users
There are three main types of users in Chef Automate - local users, LDAP users and SAML users. Local users can interact with the system independent of LDAP and SAML. The Users page in the Settings tab has options to create and delete local users. We can also change the display names and reset passwords for selected local users.

Teams
A team is a group of users. LDAP and SAML can be used to import existing teams into Chef Automate. Chef Automate has Admin teams created by default. Local users can be added to this team and get admin permissions. We can create, delete, and modify team details on the Team page under the Settings tab. We can also add and remove users from a local team.

Event Feed
Event Feed is a feature in Chef Automate that provides actionable insights and operation visibility. It systematically displays the time, type, action, initiating action and the object on which an event acts. It helps to quickly isolate errors and drill into infrastructure and compliance automation events. The Event Guitar Strings is a timeline representing Chef Infra Server and Compliance events. The events can refer to creation, updates, or deletions. Blue circles show the create events, purple diamonds show the update events, and red circles show the delete events.

The icons inside the shapes represent different types of events. If multiple events have occurred within the same 4-hour window, it is denoted as a multi-event icon. Hovering over the icon displays a summary of the events for that 4-hour window.

The Event Feed groups events of the same type by the same user. The event feed and timeline can be filtered based on Event Type, Chef Infra Server, and Chef Organisation. Event types include clients, cookbooks, data bags, environments, nodes, policy files, profiles, roles, or scan jobs. The Event feed can also be filtered based on the timeline of a day or a set of days. By default, it shows all the events of the past week.
Frequently Asked Questions
What are LDAP and SAML?
LDAP stands for Lightweight Directory Access Protocol, and SAML stands for Security Assertion Markup Language. Both are protocols primarily used to authorise users' access to an organisation's resources and securely authenticate their identity.
How to add an API token as a member of a policy?
Member Expressions are used to add an API token as a policy member. They are required for externally managed users, teams, and API tokens.
What are the necessary permissions to interact with the Event Feed?
Users can view and interact with the Event Feed if they have permission for the event:* action. Filtering and searching in the Event Feed require permission for the infra:nodes:list action.
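The following is an added example, not code from the original article or from Chef: it builds a custom policy that grants only the two Event Feed actions named above to an API token through a member expression, then evaluates and audits it. The field names (id, members, statements, effect, actions, projects), the member-expression shapes, the ALLOW-unless-DENY evaluation, and every sample member and extra action name are assumptions modelled on Chef Automate's IAM v2 API.

```python
import fnmatch
import json
import re

# Assumed member-expression shapes (IAM v2 style); they are not listed on this page.
MEMBER_RE = re.compile(
    r"^(\*|token:(\*|[\w.@-]+)|(user|team):(\*|(local|ldap|saml):(\*|[\w.@-]+)))$")

def build_event_feed_policy(policy_id, members):
    """Least-privilege custom policy: only the two actions the Event Feed needs."""
    bad = [m for m in members if not MEMBER_RE.match(m)]
    if bad:
        raise ValueError(f"invalid member expressions: {bad}")
    return {
        "id": policy_id,
        "name": "Event Feed Readers",
        "members": sorted(set(members)),
        "statements": [{"effect": "ALLOW",
                        "actions": ["event:*", "infra:nodes:list"],
                        "projects": ["*"]}],
    }

def is_allowed(policies, member, action):
    """Assumed semantics: allowed if some statement ALLOWs and none DENY."""
    allowed = False
    for policy in policies:
        if not any(fnmatch.fnmatchcase(member, m) for m in policy["members"]):
            continue  # this policy does not apply to the member
        for st in policy["statements"]:
            if any(fnmatch.fnmatchcase(action, a) for a in st["actions"]):
                if st["effect"] == "DENY":
                    return False  # any matching DENY overrides every ALLOW
                allowed = True
    return allowed

def overbroad_findings(policy):
    """Flag wildcard members and catch-all actions before the policy is submitted."""
    found = [f"wildcard member {m!r}" for m in policy["members"] if m.endswith("*")]
    for st in policy["statements"]:
        if st["effect"] == "ALLOW":
            found += [f"wildcard action {a!r}" for a in st["actions"] if a == "*"]
    return found

if __name__ == "__main__":
    # Constructed sample members: one API token and one LDAP team.
    policy = build_event_feed_policy("event-feed-readers",
                                     ["token:ci-reporter", "team:ldap:ops"])
    print(json.dumps(policy, indent=2))  # body to send to the Policies API
    print(is_allowed([policy], "token:ci-reporter", "infra:nodes:list"))
    print(overbroad_findings(policy))
```
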
Conclusion
This blog discusses the standard terms related to the users of Chef Automate. It explains the concept of API Tokens, Policies, Roles, and Teams. It also discusses the Event feed feature in Chef Automate.
