]> source.dussan.org Git - archiva.git/blob
projects / archiva.git / blob
? search:


751ac5c8e4f12aab1fb32169142f2731b83f38fb
[archiva.git] /
1 <!--
2   ~ Licensed to the Apache Software Foundation (ASF) under one
3   ~ or more contributor license agreements.  See the NOTICE file
4   ~ distributed with this work for additional information
5   ~ regarding copyright ownership.  The ASF licenses this file
6   ~ to you under the Apache License, Version 2.0 (the
7   ~ "License"); you may not use this file except in compliance
8   ~ with the License.  You may obtain a copy of the License at
9   ~
10   ~   http://www.apache.org/licenses/LICENSE-2.0
11   ~
12   ~ Unless required by applicable law or agreed to in writing,
13   ~ software distributed under the License is distributed on an
14   ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   ~ KIND, either express or implied.  See the License for the
16   ~ specific language governing permissions and limitations
17   ~ under the License.
18   -->
19
20 <redback-role-model>
21   <modelVersion>1.0.0</modelVersion>
22   <applications>
23     <application>
24       <id>System</id>
25       <description>Roles that apply system-wide, across all of the applications</description>
26       <version>1.0.0</version>
27       <resources>
28         <resource>
29           <id>global</id>
30           <name>*</name>
31           <permanent>true</permanent>
32           <description>global resource implies full access for authorization</description>
33         </resource>
34         <resource>
35           <id>username</id>
36           <name>${username}</name>
37           <permanent>true</permanent>
38           <description>replaced with the username of the principal at authorization check time</description>
39         </resource>
40       </resources>
41       <operations>
42         <operation>
43           <id>configuration-edit</id>
44           <name>configuration-edit</name>
45           <description>edit configuration</description>
46           <permanent>true</permanent>
47         </operation>
48         <operation>
49           <id>user-management-user-create</id>
50           <name>user-management-user-create</name>
51           <description>create user</description>
52           <permanent>true</permanent>
53         </operation>
54         <operation>
55           <id>user-management-user-edit</id>
56           <name>user-management-user-edit</name>
57           <description>edit user</description>
58           <permanent>true</permanent>
59         </operation>
60         <operation>
61           <id>user-management-user-role</id>
62           <name>user-management-user-role</name>
63           <description>user roles</description>
64           <permanent>true</permanent>
65         </operation>
66         <operation>
67           <id>user-management-user-delete</id>
68           <name>user-management-user-delete</name>
69           <description>delete user</description>
70           <permanent>true</permanent>
71         </operation>
72         <operation>
73           <id>user-management-user-list</id>
74           <name>user-management-user-list</name>
75           <description>list users</description>
76           <permanent>true</permanent>
77         </operation>
78         <operation>
79           <id>user-management-role-grant</id>
80           <name>user-management-role-grant</name>
81           <description>grant role</description>
82           <permanent>true</permanent>
83         </operation>
84         <operation>
85           <id>user-management-role-drop</id>
86           <name>user-management-role-drop</name>
87           <description>drop role</description>
88           <permanent>true</permanent>
89         </operation>
90         <operation>
91           <id>user-management-rbac-admin</id>
92           <name>user-management-rbac-admin</name>
93           <description>administer rbac</description>
94           <permanent>true</permanent>
95         </operation>
96         <operation>
97           <id>guest-access</id>
98           <name>guest-access</name>
99           <description>access guest</description>
100           <permanent>true</permanent>
101         </operation>
102         <operation>
103           <id>user-management-manage-data</id>
104           <name>user-management-manage-data</name>
105           <description>manage data</description>
106           <permanent>true</permanent>
107         </operation>
108       </operations>
109       <roles>
110         <role>
111           <id>system-administrator</id>
112           <name>System Administrator</name>
113           <permanent>true</permanent>
114           <assignable>true</assignable>
115           <permissions>
116             <permission>
117               <id>edit-redback-configuration</id>
118               <name>Edit Redback Configuration</name>
119               <operation>configuration-edit</operation>
120               <resource>global</resource>
121               <permanent>true</permanent>
122             </permission>
123             <permission>
124               <id>manage-rbac-setup</id>
125               <name>User RBAC Management</name>
126               <operation>user-management-rbac-admin</operation>
127               <resource>global</resource>
128               <permanent>true</permanent>
129             </permission>
130             <permission>
131               <id>manage-rbac-data</id>
132               <name>RBAC Manage Data</name>
133               <operation>user-management-manage-data</operation>
134               <resource>global</resource>
135               <permanent>true</permanent>
136             </permission>
137           </permissions>
138           <childRoles>
139             <childRole>user-administrator</childRole>
140           </childRoles>
141         </role>
142         <role>
143           <id>user-administrator</id>
144           <name>User Administrator</name>
145           <permanent>true</permanent>
146           <assignable>true</assignable>
147           <permissions>
148             <permission>
149               <id>drop-roles-for-anyone</id>
150               <name>Drop Roles for Anyone</name>
151               <operation>user-management-role-drop</operation>
152               <resource>global</resource>
153               <permanent>true</permanent>
154             </permission>
155             <permission>
156               <id>grant-roles-for-anyone</id>
157               <name>Grant Roles for Anyone</name>
158               <operation>user-management-role-grant</operation>
159               <resource>global</resource>
160               <permanent>true</permanent>
161             </permission>
162             <permission>
163               <id>user-create</id>
164               <name>Create Users</name>
165               <operation>user-management-user-create</operation>
166               <resource>global</resource>
167               <permanent>true</permanent>
168             </permission>
169             <permission>
170               <id>user-delete</id>
171               <name>Delete Users</name>
172               <operation>user-management-user-delete</operation>
173               <resource>global</resource>
174               <permanent>true</permanent>
175             </permission>
176             <permission>
177               <id>user-edit</id>
178               <name>Edit Users</name>
179               <operation>user-management-user-edit</operation>
180               <resource>global</resource>
181               <permanent>true</permanent>
182             </permission>
183             <permission>
184               <id>access-users-roles</id>
185               <name>Access Users Roles</name>
186               <operation>user-management-user-role</operation>
187               <resource>global</resource>
188               <permanent>true</permanent>
189             </permission>
190             <permission>
191               <id>access-user-list</id>
192               <name>Access User List</name>
193               <operation>user-management-user-list</operation>
194               <resource>global</resource>
195               <permanent>true</permanent>
196             </permission>
197           </permissions>
198         </role>
199         <role>
200           <id>edit-users-list</id>
201           <name>edit users list</name>
202           <permanent>true</permanent>
203           <assignable>true</assignable>
204           <permissions>
205             <permission>
206               <id>access-user-list</id>
207               <name>Access User List</name>
208               <operation>user-management-user-list</operation>
209               <resource>global</resource>
210               <permanent>true</permanent>
211             </permission>
212           </permissions>
213         </role>
214         <role>
215           <id>registered-user</id>
216           <name>Registered User</name>
217           <permanent>true</permanent>
218           <assignable>true</assignable>
219           <permissions>
220             <permission>
221               <id>edit-user-by-username</id>
222               <name>Edit User Data by Username</name>
223               <operation>user-management-user-edit</operation>
224               <resource>username</resource>
225               <permanent>true</permanent>
226             </permission>
227           </permissions>
228         </role>
229         <role>
230           <id>guest</id>
231           <name>Guest</name>
232           <permanent>true</permanent>
233           <assignable>true</assignable>
234           <permissions>
235             <permission>
236               <id>guest-permission</id>
237               <name>Guest Permission</name>
238               <operation>guest-access</operation>
239               <resource>global</resource>
240               <permanent>true</permanent>
241             </permission>
242           </permissions>
243         </role>
244       </roles>
245     </application>
246   </applications>
247 </redback-role-model>
Apache Archiva Repository: https://github.com/apache/archiva