A config setting which declares who or what is able to create a recipe on the system. Since policies are associated with existing recipes, we need a separate mechanism for controlling creation. The recipe_create_policy does this. It's default value is an empty string, which means anyone can create a new recipe via a PUT to /recipes/{recipe_name}. Other options are:

ANY

Any authenticated user may create a recipe.

ADMIN

Any user with the ADMIN role may create a recipe.

Other options are possible by overriding existing code.