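<?xml version="1.0" encoding="UTF-8"?>
<!--
  Redback role model for the "System" application.

  Declares the resources, operations and roles that apply system-wide.
  Each <permission> binds exactly one <operation> to one <resource>; a role
  is the set of its permissions plus whatever its <childRoles> contribute.

  Roles defined here: system-administrator, user-administrator,
  registered-user, guest. Every resource, operation, role and permission is
  marked <permanent>true</permanent>, and every role is marked
  <assignable>true</assignable>.
-->
<redback-role-model>
    <modelVersion>1.0.0</modelVersion>
    <applications>
        <application>
            <id>System</id>
            <description>Roles that apply system-wide, across all of the applications</description>
            <version>1.0.0</version>
            <resources>
                <!-- Wildcard resource. Per its own description, a permission bound to
                     "global" implies full access for that operation. -->
                <resource>
                    <id>global</id>
                    <name>*</name>
                    <permanent>true</permanent>
                    <description>global resource implies full access for authorization</description>
                </resource>
                <!-- Per-principal resource. Per its description, ${username} is replaced
                     with the principal's username at authorization check time, so a
                     permission bound to it is scoped to the caller's own account. -->
                <resource>
                    <id>username</id>
                    <name>${username}</name>
                    <permanent>true</permanent>
                    <description>replaced with the username of the principal at authorization check time</description>
                </resource>
            </resources>
            <!-- Operation catalogue. An operation grants nothing by itself; it only takes
                 effect when a role permission below references it by id. -->
            <operations>
                <operation>
                    <id>configuration-edit</id>
                    <name>configuration-edit</name>
                    <description>edit configuration</description>
                    <permanent>true</permanent>
                </operation>
                <operation>
                    <id>user-management-user-create</id>
                    <name>user-management-user-create</name>
                    <description>create user</description>
                    <permanent>true</permanent>
                </operation>
                <operation>
                    <id>user-management-user-edit</id>
                    <name>user-management-user-edit</name>
                    <description>edit user</description>
                    <permanent>true</permanent>
                </operation>
                <operation>
                    <id>user-management-user-role</id>
                    <name>user-management-user-role</name>
                    <description>user roles</description>
                    <permanent>true</permanent>
                </operation>
                <operation>
                    <id>user-management-user-delete</id>
                    <name>user-management-user-delete</name>
                    <description>delete user</description>
                    <permanent>true</permanent>
                </operation>
                <operation>
                    <id>user-management-user-list</id>
                    <name>user-management-user-list</name>
                    <description>list users</description>
                    <permanent>true</permanent>
                </operation>
                <operation>
                    <id>user-management-role-grant</id>
                    <name>user-management-role-grant</name>
                    <description>grant role</description>
                    <permanent>true</permanent>
                </operation>
                <operation>
                    <id>user-management-role-drop</id>
                    <name>user-management-role-drop</name>
                    <description>drop role</description>
                    <permanent>true</permanent>
                </operation>
                <operation>
                    <id>user-management-rbac-admin</id>
                    <name>user-management-rbac-admin</name>
                    <description>administer rbac</description>
                    <permanent>true</permanent>
                </operation>
                <operation>
                    <id>guest-access</id>
                    <name>guest-access</name>
                    <description>access guest</description>
                    <permanent>true</permanent>
                </operation>
                <operation>
                    <id>user-management-manage-data</id>
                    <name>user-management-manage-data</name>
                    <description>manage data</description>
                    <permanent>true</permanent>
                </operation>
            </operations>
            <roles>
                <!-- Highest-privilege role in this file: configuration edit, RBAC
                     administration and RBAC data management, all on the global resource.
                     Lists user-administrator as a child role; presumably its permissions
                     are inherited through that link (confirm against the role loader). -->
                <role>
                    <id>system-administrator</id>
                    <name>System Administrator</name>
                    <permanent>true</permanent>
                    <assignable>true</assignable>
                    <permissions>
                        <permission>
                            <id>edit-redback-configuration</id>
                            <name>Edit Redback Configuration</name>
                            <operation>configuration-edit</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                        <permission>
                            <id>manage-rbac-setup</id>
                            <name>User RBAC Management</name>
                            <operation>user-management-rbac-admin</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                        <permission>
                            <id>manage-rbac-data</id>
                            <name>RBAC Manage Data</name>
                            <operation>user-management-manage-data</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                    </permissions>
                    <childRoles>
                        <childRole>user-administrator</childRole>
                    </childRoles>
                </role>
                <!-- Account and role management on the global resource.
                     NOTE(review): grant-roles-for-anyone and drop-roles-for-anyone are
                     bound to "global", and nothing in this file limits which roles they
                     cover. Whether a User Administrator is prevented from granting
                     system-administrator must be confirmed in the enforcement code.
                     Until then, treat this role as equivalent in privilege to the one it
                     can grant: assign it sparingly and audit role grant and drop events. -->
                <role>
                    <id>user-administrator</id>
                    <name>User Administrator</name>
                    <permanent>true</permanent>
                    <assignable>true</assignable>
                    <permissions>
                        <permission>
                            <id>drop-roles-for-anyone</id>
                            <name>Drop Roles for Anyone</name>
                            <operation>user-management-role-drop</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                        <permission>
                            <id>grant-roles-for-anyone</id>
                            <name>Grant Roles for Anyone</name>
                            <operation>user-management-role-grant</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                        <permission>
                            <id>user-create</id>
                            <name>Create Users</name>
                            <operation>user-management-user-create</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                        <permission>
                            <id>user-delete</id>
                            <name>Delete Users</name>
                            <operation>user-management-user-delete</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                        <permission>
                            <id>user-edit</id>
                            <name>Edit Users</name>
                            <operation>user-management-user-edit</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                        <permission>
                            <id>access-users-roles</id>
                            <name>Access Users Roles</name>
                            <operation>user-management-user-role</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                        <permission>
                            <id>access-user-list</id>
                            <name>Access User List</name>
                            <operation>user-management-user-list</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                    </permissions>
                </role>
                <!-- Self-service only: user-management-user-edit is bound to the
                     "username" resource rather than "global", so the edit permission is
                     scoped to the principal's own username. Rebinding it to "global"
                     would give every registered user the same edit permission that
                     user-administrator holds. -->
                <role>
                    <id>registered-user</id>
                    <name>Registered User</name>
                    <permanent>true</permanent>
                    <assignable>true</assignable>
                    <permissions>
                        <permission>
                            <id>edit-user-by-username</id>
                            <name>Edit User Data by Username</name>
                            <operation>user-management-user-edit</operation>
                            <resource>username</resource>
                            <permanent>true</permanent>
                        </permission>
                    </permissions>
                </role>
                <!-- Holds only guest-access on the global resource.
                     NOTE(review): this file does not show what guest-access gates; check
                     every place the operation is tested before adding permissions here,
                     since anything bound to this role is presumably available to
                     unauthenticated callers. -->
                <role>
                    <id>guest</id>
                    <name>Guest</name>
                    <permanent>true</permanent>
                    <assignable>true</assignable>
                    <permissions>
                        <permission>
                            <id>guest-permission</id>
                            <name>Guest Permission</name>
                            <operation>guest-access</operation>
                            <resource>global</resource>
                            <permanent>true</permanent>
                        </permission>
                    </permissions>
                </role>
            </roles>
        </application>
    </applications>
</redback-role-model>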