| <?xml version="1.0"?> |
| |
| <!-- |
| ~ Licensed to the Apache Software Foundation (ASF) under one |
| ~ or more contributor license agreements. See the NOTICE file |
| ~ distributed with this work for additional information |
| ~ regarding copyright ownership. The ASF licenses this file |
| ~ to you under the Apache License, Version 2.0 (the |
| ~ "License"); you may not use this file except in compliance |
| ~ with the License. You may obtain a copy of the License at |
| ~ |
| ~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~ |
| ~ Unless required by applicable law or agreed to in writing, |
| ~ software distributed under the License is distributed on an |
| ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~ KIND, either express or implied. See the License for the |
| ~ specific language governing permissions and limitations |
| ~ under the License. |
| --> |
| <redback-role-model> |
| <modelVersion>1.0.0</modelVersion> |
| <applications> |
| <application> |
| <id>System</id> |
| <description>Roles that apply system-wide, across all of the applications</description> |
| <version>1.0.0</version> |
| <resources> |
| <resource> |
| <id>global</id> |
| <name>*</name> |
| <permanent>true</permanent> |
| <description>global resource implies full access for authorization</description> |
| </resource> |
| <resource> |
| <id>username</id> |
| <name>${username}</name> |
| <permanent>true</permanent> |
| <description>replaced with the username of the principal at authorization check time</description> |
| </resource> |
| </resources> |
| <operations> |
| <operation> |
| <id>configuration-edit</id> |
| <name>configuration-edit</name> |
| <description>edit configuration</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>user-management-user-create</id> |
| <name>user-management-user-create</name> |
| <description>create user</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>user-management-user-edit</id> |
| <name>user-management-user-edit</name> |
| <description>edit user</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>user-management-user-role</id> |
| <name>user-management-user-role</name> |
| <description>user roles</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>user-management-user-delete</id> |
| <name>user-management-user-delete</name> |
| <description>delete user</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>user-management-user-list</id> |
| <name>user-management-user-list</name> |
| <description>list users</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>user-management-user-view</id> |
| <name>user-management-user-view</name> |
| <description>view user information</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>user-management-role-grant</id> |
| <name>user-management-role-grant</name> |
| <description>grant role</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>user-management-role-drop</id> |
| <name>user-management-role-drop</name> |
| <description>drop role</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>user-management-rbac-admin</id> |
| <name>user-management-rbac-admin</name> |
| <description>administer rbac</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>guest-access</id> |
| <name>guest-access</name> |
| <description>access guest</description> |
| <permanent>true</permanent> |
| </operation> |
| <operation> |
| <id>user-management-manage-data</id> |
| <name>user-management-manage-data</name> |
| <description>manage data</description> |
| <permanent>true</permanent> |
| </operation> |
| </operations> |
| <roles> |
| <role> |
| <id>system-administrator</id> |
| <name>System Administrator</name> |
| <permanent>true</permanent> |
| <assignable>true</assignable> |
| <permissions> |
| <permission> |
| <id>edit-redback-configuration</id> |
| <name>Edit Redback Configuration</name> |
| <operation>configuration-edit</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| <permission> |
| <id>manage-rbac-setup</id> |
| <name>User RBAC Management</name> |
| <operation>user-management-rbac-admin</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| <permission> |
| <id>manage-rbac-data</id> |
| <name>RBAC Manage Data</name> |
| <operation>user-management-manage-data</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| </permissions> |
| <childRoles> |
| <childRole>user-administrator</childRole> |
| </childRoles> |
| </role> |
| <role> |
| <id>user-administrator</id> |
| <name>User Administrator</name> |
| <permanent>true</permanent> |
| <assignable>true</assignable> |
| <permissions> |
| <permission> |
| <id>drop-roles-for-anyone</id> |
| <name>Drop Roles for Anyone</name> |
| <operation>user-management-role-drop</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| <permission> |
| <id>grant-roles-for-anyone</id> |
| <name>Grant Roles for Anyone</name> |
| <operation>user-management-role-grant</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| <permission> |
| <id>user-create</id> |
| <name>Create Users</name> |
| <operation>user-management-user-create</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| <permission> |
| <id>user-delete</id> |
| <name>Delete Users</name> |
| <operation>user-management-user-delete</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| <permission> |
| <id>user-edit</id> |
| <name>Edit Users</name> |
| <operation>user-management-user-edit</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| <permission> |
| <id>access-users-roles</id> |
| <name>Access Users Roles</name> |
| <operation>user-management-user-role</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| <permission> |
| <id>access-user-list</id> |
| <name>Access User List</name> |
| <operation>user-management-user-list</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| <permission> |
| <id>access-user-data</id> |
| <name>Access User Data</name> |
| <operation>user-management-user-view</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| </permissions> |
| </role> |
| <role> |
| <id>registered-user</id> |
| <name>Registered User</name> |
| <permanent>true</permanent> |
| <assignable>true</assignable> |
| <permissions> |
| <permission> |
| <id>edit-user-by-username</id> |
| <name>Edit User Data by Username</name> |
| <operation>user-management-user-edit</operation> |
| <resource>username</resource> |
| <permanent>true</permanent> |
| </permission> |
| <permission> |
| <id>view-user-by-username</id> |
| <name>View User Data by Username</name> |
| <operation>user-management-user-view</operation> |
| <resource>username</resource> |
| <permanent>true</permanent> |
| </permission> |
| </permissions> |
| </role> |
| <role> |
| <id>guest</id> |
| <name>Guest</name> |
| <permanent>true</permanent> |
| <assignable>true</assignable> |
| <permissions> |
| <permission> |
| <id>guest-permission</id> |
| <name>Guest Permission</name> |
| <operation>guest-access</operation> |
| <resource>global</resource> |
| <permanent>true</permanent> |
| </permission> |
| </permissions> |
| </role> |
| </roles> |
| </application> |
| </applications> |
| </redback-role-model> |