+++ /dev/null
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-
-<redback-role-model>
- <modelVersion>1.0.0</modelVersion>
- <applications>
- <application>
- <id>System</id>
- <description>Roles that apply system-wide, across all of the applications</description>
- <version>1.0.0</version>
- <resources>
- <resource>
- <id>global</id>
- <name>*</name>
- <permanent>true</permanent>
- <description>global resource implies full access for authorization</description>
- </resource>
- <resource>
- <id>username</id>
- <name>${username}</name>
- <permanent>true</permanent>
- <description>replaced with the username of the principal at authorization check time</description>
- </resource>
- </resources>
- <operations>
- <operation>
- <id>configuration-edit</id>
- <name>configuration-edit</name>
- <description>edit configuration</description>
- <permanent>true</permanent>
- </operation>
- <operation>
- <id>user-management-user-create</id>
- <name>user-management-user-create</name>
- <description>create user</description>
- <permanent>true</permanent>
- </operation>
- <operation>
- <id>user-management-user-edit</id>
- <name>user-management-user-edit</name>
- <description>edit user</description>
- <permanent>true</permanent>
- </operation>
- <operation>
- <id>user-management-user-role</id>
- <name>user-management-user-role</name>
- <description>user roles</description>
- <permanent>true</permanent>
- </operation>
- <operation>
- <id>user-management-user-delete</id>
- <name>user-management-user-delete</name>
- <description>delete user</description>
- <permanent>true</permanent>
- </operation>
- <operation>
- <id>user-management-user-list</id>
- <name>user-management-user-list</name>
- <description>list users</description>
- <permanent>true</permanent>
- </operation>
- <operation>
- <id>user-management-role-grant</id>
- <name>user-management-role-grant</name>
- <description>grant role</description>
- <permanent>true</permanent>
- </operation>
- <operation>
- <id>user-management-role-drop</id>
- <name>user-management-role-drop</name>
- <description>drop role</description>
- <permanent>true</permanent>
- </operation>
- <operation>
- <id>user-management-rbac-admin</id>
- <name>user-management-rbac-admin</name>
- <description>administer rbac</description>
- <permanent>true</permanent>
- </operation>
- <operation>
- <id>guest-access</id>
- <name>guest-access</name>
- <description>access guest</description>
- <permanent>true</permanent>
- </operation>
- <operation>
- <id>user-management-manage-data</id>
- <name>user-management-manage-data</name>
- <description>manage data</description>
- <permanent>true</permanent>
- </operation>
- </operations>
- <roles>
- <role>
- <id>system-administrator</id>
- <name>System Administrator</name>
- <permanent>true</permanent>
- <assignable>true</assignable>
- <permissions>
- <permission>
- <id>edit-redback-configuration</id>
- <name>Edit Redback Configuration</name>
- <operation>configuration-edit</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- <permission>
- <id>manage-rbac-setup</id>
- <name>User RBAC Management</name>
- <operation>user-management-rbac-admin</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- <permission>
- <id>manage-rbac-data</id>
- <name>RBAC Manage Data</name>
- <operation>user-management-manage-data</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- </permissions>
- <childRoles>
- <childRole>user-administrator</childRole>
- </childRoles>
- </role>
- <role>
- <id>user-administrator</id>
- <name>User Administrator</name>
- <permanent>true</permanent>
- <assignable>true</assignable>
- <permissions>
- <permission>
- <id>drop-roles-for-anyone</id>
- <name>Drop Roles for Anyone</name>
- <operation>user-management-role-drop</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- <permission>
- <id>grant-roles-for-anyone</id>
- <name>Grant Roles for Anyone</name>
- <operation>user-management-role-grant</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- <permission>
- <id>user-create</id>
- <name>Create Users</name>
- <operation>user-management-user-create</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- <permission>
- <id>user-delete</id>
- <name>Delete Users</name>
- <operation>user-management-user-delete</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- <permission>
- <id>user-edit</id>
- <name>Edit Users</name>
- <operation>user-management-user-edit</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- <permission>
- <id>access-users-roles</id>
- <name>Access Users Roles</name>
- <operation>user-management-user-role</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- <permission>
- <id>access-user-list</id>
- <name>Access User List</name>
- <operation>user-management-user-list</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- </permissions>
- </role>
- <role>
- <id>registered-user</id>
- <name>Registered User</name>
- <permanent>true</permanent>
- <assignable>true</assignable>
- <permissions>
- <permission>
- <id>edit-user-by-username</id>
- <name>Edit User Data by Username</name>
- <operation>user-management-user-edit</operation>
- <resource>username</resource>
- <permanent>true</permanent>
- </permission>
- </permissions>
- </role>
- <role>
- <id>guest</id>
- <name>Guest</name>
- <permanent>true</permanent>
- <assignable>true</assignable>
- <permissions>
- <permission>
- <id>guest-permission</id>
- <name>Guest Permission</name>
- <operation>guest-access</operation>
- <resource>global</resource>
- <permanent>true</permanent>
- </permission>
- </permissions>
- </role>
- </roles>
- </application>
- </applications>
-</redback-role-model>
\ No newline at end of file
projects / archiva.git / commitdiff