Skip to content

Commit

Permalink
Document disabling default import rule (#50324)
Browse files Browse the repository at this point in the history 
* Document disabling default import rule

* Update docs/pages/enroll-resources/database-access/rbac.mdx

Co-authored-by: Paul Gottschling <[email protected]>

* Update docs/pages/enroll-resources/database-access/rbac.mdx

Co-authored-by: Paul Gottschling <[email protected]>

---------

Co-authored-by: Paul Gottschling <[email protected]>
  • Loading branch information
@Tener @ptgott
Tener and ptgott authored Dec 23, 2024
1 parent d4bdb76 commit 074d584
Showing 1 changed file with 29 additions and 0 deletions.
29 changes: 29 additions & 0 deletions docs/pages/enroll-resources/database-access/rbac.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,35 @@ spec:
version: v1
```
### Disabling the default import rule
Teleport expects at least one import rule to be defined. If it is missing, the Teleport Auth Service will create a default import rule on startup.
If you don't want to import any database objects, create a rule that matches no databases. In the example below, the list of matching label values is empty, so no database will ever match this selector.
```yaml
kind: db_object_import_rule
metadata:
name: import_no_objects
spec:
database_labels:
- {}
mappings:
- {}
version: v1
```
Create the custom rule and remove the default one:
{/* spell-checker: disable */}
```code
$ tctl create -f import_no_objects.yaml
rule "import_no_objects" has been created
$ tctl rm db_object_import_rule/import_all_objects
Rule "import_all_objects" has been deleted
```
{/* spell-checker: enable */}

### Database admin user

A database admin user is responsible for granting permissions to end users. You
Expand Down

0 comments on commit 074d584

Please sign in to comment.