docs(meta): Don't use term 'role' for a policy (#1)

policies/administrator/administrator.hcl

@@ -0,0 +1,83 @@
+# Read system health check
+path "sys/health"
+{
+  capabilities = ["read", "sudo"]
+}
+
+# Create and manage ACL policies broadly across Vault
+
+# List existing policies
+path "sys/policies/acl"
+{
+  capabilities = ["list"]
+}
+
+# Create and manage ACL policies
+path "sys/policies/acl/*"
+{
+  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# Enable and manage authentication methods broadly across Vault
+
+# Manage auth methods broadly across Vault
+path "auth/*"
+{
+  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# Create, update, and delete auth methods
+path "sys/auth/*"
+{
+  capabilities = ["create", "update", "delete", "sudo"]
+}
+
+# List auth methods
+path "sys/auth"
+{
+  capabilities = ["read"]
+}
+
+# Enable and manage the key/value secrets engine at `secret/` path
+
+# List, create, update, and delete key/value secrets
+path "secret/*"
+{
+  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# Manage secrets engines
+path "sys/mounts/*"
+{
+  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+# List existing secrets engines.
+path "sys/mounts"
+{
+  capabilities = ["read"]
+}
+
+# Allow creation of groups
+path "identity/group"
+{
+  capabilities = ["update"]
+}
+
+# Allow renaming of groups
+path "identity/group/+/+"
+{
+  capabilities = ["update"]
+}
+
+# Allow listing and reading of groups and group attributes
+path "identity/groups/+/+"
+{
+  capabilities = ["list", "read"]
+}
+
+# Allow listing and reading of entities and entity attributes
+path "identity/entity/+/+"
+{
+  capabilities = ["list", "read"]
+}

policies/administrator/auditor.hcl

@@ -0,0 +1,11 @@
+# Allow enabling of audit logging to file
+path "sys/audit/file"
+{
+  capabilities = ["update", "sudo"]
+}
+
+# Allow listing of audit devices
+path "sys/audit"
+{
+  capabilities = ["read", "sudo"]
+}