Restrict application permission to spicifc users/group

I need to assign roles to group/users on application/account level

From the picture, I cannot see any thing in permission drop/down list, what things I need to configure? and how? given that authn and authz is enabled using ldap

Hi, if you already have ldap enabled, then the problem is spinnaker is not getting the proper response from the ldap query.
Check the groups search filters and base. This is what I used, you can try it out just in case we have the same structure.

hal config security authz ldap edit --url=“ldaps://your-ldap-host:636/dc=your-dc” --manager-dn “uid=ldap-manager,ou=Users,o=your-org,dc=your-dc” --user-search-base “ou=Users,o=your-org” --group-search-base “ou=Users,o=your-org” --user-search-filter="(|(uid={0})(mail={0}))" --group-search-filter="(&(objectClass=groupOfNames)(member={0}))" --user-dn-pattern “” --manager-password “your manager password”

So if it’s configured correctly I should see my ldap groups in permission drop/down list?

and in case it’s not getting the proper response, I should see some errors, right? in fiat service?

Yes, when all is well, you’ll see the groups in the drop down. And yes Fiat would log if there was a problem with the query. But won’t log if the query is syntactically correct but semantically wrong (not returning any results)