I have several applications on a Kubernetes cluster deployed using ArgoCD. One role needs to be able, among other things, to rollback a given application. I know that the line
p, role:default, applications, update, */*, allow
grants the rollback permission, but it also grants permission to change the application in any way (e.g. edit yaml values), which is undesirable. Is there a set of policies that allows me to grant a role only the rollback operation?
