Policy Management

I have done some policy cleanup and replacement, but would like some clarification on what the proper use of --delete and --replace is when running conjur policy load...

This is from the Conjur Docs:

conjur policy load --delete
Conjur both creates and deletes data.
Objects and grants that already exist in the database but are not specified in the policy are left alone.

conjur policy load --replace
Conjur replaces the data in the database with the data specified in the policy file being loaded.
Objects, grants, and privileges that exist in the database but are not specified in the policy file are deleted.
