
Chef Cookbook management permissions

This section specifies the Chef Cookbook Management permissions required by users to perform specific actions in the SA Client. For security administrators, the table answers this question: To perform a particular action, what permissions does a user need?

In addition to the action permissions listed, every user action also requires the Managed Servers and Groups permission.

Permissions for running a Chef Recipe from a cookbook with no dependencies

The following permissions are required in order to run a Chef Recipe from a cookbook with no dependencies:

  • These Action Permissions control the Chef tasks you can perform.

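    | Permission       | Setting            | Task Enabled                                                                           |
    |------------------|--------------------|----------------------------------------------------------------------------------------|
    | Run Chef Recipes | Yes                | The ability to start or schedule a specific Run Chef Recipe job.                       |
    | Manage Package   | Read (or stronger) | The ability to use Cookbooks (which is a type of SA package) in Run Chef Recipe jobs.  |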

    The user running the Run Chef Recipe job must belong to a user group with the Run Chef Recipes and Manage Package permissions.

  • Folder Permissions control the access to the SA Library folder where the cookbook resides.

    The user running the Run Chef Recipe job must belong to a user group with Read permission on the folder where the cookbook resides.

  • Resource Permissions control the access of the current user to the managed servers in SA.

    The user running the Run Chef Recipe job must belong to a user group with Read & Write permission on the server’s facility, customer, and at least one of its Device Groups.

    For more information about setting resource permissions, see Resource permissions.

  • Customer Constraints on Folders determine which servers can be the target of a Run Chef Recipe job. As each server is assigned to a Customer, the customer constraints of the cookbook folder must include the Customer of the target server.

    Alternatively, you can ignore folder customer permissions entirely by assigning the Customer Independent customer to the cookbook folders.

    For more information about setting folder permissions, see Folder Permissions.

Permission management for cookbooks with dependencies

The dependencies of a cookbook must satisfy the same permission requirements as the main cookbook: Read folder permissions and the proper folder customer constraints. If multiple versions of the dependent cookbooks exist, SA will use the newest version of the dependent cookbooks for which the entire dependency graph satisfies all required permissions.

Example: In the following setup, when the user tries to run a recipe from cookbook A, SA will resolve its dependency on cookbook B to version 1.7.4.

In more detail: version 1.8 of cookbook B cannot be used because folder2 is not associated with customer1 (the customer of the targeted server). Version 1.7.5 of cookbook B cannot be used because the user does not have any permissions on folder3. Versions 1.7.4 and 1.7.3 are both accessible, and SA chooses the higher of the two, 1.7.4.
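
The resolution rule described above can be modelled in a short Python sketch, useful for checking which cookbook version a given user and target customer will end up with. This is an added example, not SA's own code: the function names, folder1, folder4, customer2 and cookbook A's version are assumptions made for illustration.

```python
from dataclasses import dataclass

CUSTOMER_INDEPENDENT = "Customer Independent"

@dataclass(frozen=True)
class Cookbook:
    name: str
    version: tuple          # e.g. (1, 7, 4)
    folder: str             # SA Library folder holding this version
    depends: tuple = ()     # names of cookbooks it depends on

def folder_ok(folder, constraints, readable, customer):
    """Folder passes if the user can read it and its customer constraints
    include the target server's customer (or Customer Independent)."""
    allowed = constraints.get(folder, set())
    return folder in readable and (
        customer in allowed or CUSTOMER_INDEPENDENT in allowed)

def resolve(name, library, constraints, readable, customer, seen=()):
    """Newest version of `name` whose entire dependency graph passes, or None."""
    if name in seen:        # dependency cycle: treat as unresolvable
        return None
    versions = sorted((c for c in library if c.name == name),
                      key=lambda c: c.version, reverse=True)
    for cb in versions:
        if folder_ok(cb.folder, constraints, readable, customer) and all(
                resolve(d, library, constraints, readable, customer,
                        seen + (name,)) for d in cb.depends):
            return cb
    return None

# Constructed data mirroring the example in the text. folder1, folder4,
# customer2 and cookbook A's version are assumptions, not from the page.
LIBRARY = [
    Cookbook("A", (1, 0, 0), "folder1", depends=("B",)),
    Cookbook("B", (1, 8), "folder2"),
    Cookbook("B", (1, 7, 5), "folder3"),
    Cookbook("B", (1, 7, 4), "folder1"),
    Cookbook("B", (1, 7, 3), "folder4"),
]
CONSTRAINTS = {"folder1": {"customer1"}, "folder2": {"customer2"},
               "folder3": {"customer1"}, "folder4": {CUSTOMER_INDEPENDENT}}
READABLE = {"folder1", "folder2", "folder4"}   # user has no permission on folder3

if __name__ == "__main__":
    chosen = resolve("B", LIBRARY, CONSTRAINTS, READABLE, "customer1")
    print("B resolves to", ".".join(map(str, chosen.version)))
```

Granting Read on folder3, or adding customer1 to folder2's constraints, changes the resolved version, so folder permission changes should be reviewed as changes to what content reaches each customer's servers.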

Multi-tenancy

Customer constraints on folders provide the mechanism to support multi-tenancy, which allows you to apply different content to different customers.

In the example below, applying cookbook A to a group of two managed servers (cbt2 and m529) will result in applying version 1.0 of cookbook B to server m529 and version 2.0 of cookbook B to server cbt2.