x/ranger
Code Issues Proposed changes
ranger/orm/services/customer_manager/cms_rest/etc/policy.json
Chi Lo b400f52e9d Assign roles to group for a region 
This patch provides the fuctionality of assigning roles to group
for a particular region.

Change-Id: Ie1a246d46fffe3d8976546c2e276efd93a3b424d
2019-05-22 20:51:47 -07:00

56 lines
2.6 KiB
JSON
Executable File
Raw Blame History

{
"default": "!",
"admin": "role:admin and tenant:admin or role:admin and tenant:service",
"admin_support": "role:admin_support and tenant:admin or role:admin_support and tenant:service",
"admin_viewer": "role:admin_viewer and tenant:admin or role:admin_viewer and tenant:service",
"creator": "role:ranger_customer_creator and tenant:admin or role:ranger_customer_creator and tenant:service",
"admin_or_creator": "rule:admin or rule:creator",
"admin_or_support": "rule:admin or rule:admin_support",
"admin_or_support_or_creator": "rule:admin or rule:admin_support or rule:creator",
"admin_or_support_or_viewer": "rule:admin or rule:admin_support or rule:admin_viewer",
"admin_or_support_or_viewer_or_creator": "rule:admin or rule:admin_support or rule:admin_viewer or rule:creator",
"customers:get_one": "rule:admin_or_support_or_viewer_or_creator",
"customers:get_all": "rule:admin_or_support_or_viewer_or_creator",
"customers:create": "rule:admin_or_support_or_creator",
"customers:update": "rule:admin_or_creator",
"customers:delete": "rule:admin",
"customers:add_region": "rule:admin_or_support_or_creator",
"customers:update_region": "rule:admin_or_creator",
"customers:delete_region": "rule:admin_or_creator",
"customers:add_region_user": "rule:admin_or_support",
"customers:update_region_user": "rule:admin",
"customers:delete_region_user": "rule:admin",
"customers:add_default_user": "rule:admin_or_support",
"customers:update_default_user": "rule:admin",
"customers:delete_default_user": "rule:admin",
"customers:add_metadata": "rule:admin_or_support_or_creator",
"customers:update_metadata": "rule:admin_or_creator",
"customers:enable": "rule:admin_or_support_or_creator",
"groups:get_one": "rule:admin_or_support_or_viewer_or_creator",
"groups:get_all": "rule:admin_or_support_or_viewer_or_creator",
"groups:create": "rule:admin_or_support_or_creator",
"groups:update": "rule:admin_or_creator",
"groups:delete": "rule:admin",
"groups:add_region": "rule:admin_or_support_or_creator",
"groups:delete_region": "rule:admin_or_creator",
"groups:assign_role": "rule:admin_or_support_or_creator",
"groups:assign_region_role": "rule:admin_or_support_or_creator",
"groups:unassign_role": "rule:admin_or_creator",
"groups:add_group_default_users": "rule:admin_or_support",
"groups:delete_group_default_user": "rule:admin",
"groups:add_group_region_users": "rule:admin_or_support",
"groups:delete_group_region_user": "rule:admin",
"groups:get_all_roles": "rule:admin_or_support_or_viewer_or_creator"
}
View Git Blame Copy Permalink