Question about 'More flexible authorization model' in 1.17.1


I am trying to configure RBAC for application creation, as described in:

In the section above there is sample config yaml that allows only users from certain LDAP group to create applications with given name. I have tried following example, however the the restriction does not work. I am clear where I misconfigured.

My steps were:

  1. Add fiat.restrictApplicationCreation: true to profiles/fiat-local.yml
  2. Add modified (different domain for LDAP groups) auth.permissions.source.application.prefix snippet from to profiles/fiat-local.yml
  3. Re-deploy Spinnaker

For version 1.17.1 after the re-deploy any user from any group could create application with any name

Thank you.