redback-integrations/redback-integrations-security/src/main/resources/META-INF/redback/redback-core.xml - archiva-redback-core - Git at Google

 <?xml version="1.0"?>

 <!--
   ~ Licensed to the Apache Software Foundation (ASF) under one
   ~ or more contributor license agreements.  See the NOTICE file
   ~ distributed with this work for additional information
   ~ regarding copyright ownership.  The ASF licenses this file
   ~ to you under the Apache License, Version 2.0 (the
   ~ "License"); you may not use this file except in compliance
   ~ with the License.  You may obtain a copy of the License at
   ~
   ~   http://www.apache.org/licenses/LICENSE-2.0
   ~
   ~ Unless required by applicable law or agreed to in writing,
   ~ software distributed under the License is distributed on an
   ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   ~ KIND, either express or implied.  See the License for the
   ~ specific language governing permissions and limitations
   ~ under the License.
   -->
 <redback-role-model>
   <modelVersion>1.0.0</modelVersion>
   <applications>
     <application>
       <id>System</id>
       <description>Roles that apply system-wide, across all of the applications</description>
       <version>1.0.0</version>
       <resources>
         <resource>
           <id>global</id>
           <name>*</name>
           <permanent>true</permanent>
           <description>global resource implies full access for authorization</description>
         </resource>
         <resource>
           <id>username</id>
           <name>${username}</name>
           <permanent>true</permanent>
           <description>replaced with the username of the principal at authorization check time</description>
         </resource>
       </resources>
       <operations>
         <operation>
           <id>configuration-edit</id>
           <name>configuration-edit</name>
           <description>edit configuration</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>user-management-user-create</id>
           <name>user-management-user-create</name>
           <description>create user</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>user-management-user-edit</id>
           <name>user-management-user-edit</name>
           <description>edit user</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>user-management-user-role</id>
           <name>user-management-user-role</name>
           <description>user roles</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>user-management-user-delete</id>
           <name>user-management-user-delete</name>
           <description>delete user</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>user-management-user-list</id>
           <name>user-management-user-list</name>
           <description>list users</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>user-management-user-view</id>
           <name>user-management-user-view</name>
           <description>view user information</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>user-management-role-grant</id>
           <name>user-management-role-grant</name>
           <description>grant role</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>user-management-role-drop</id>
           <name>user-management-role-drop</name>
           <description>drop role</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>user-management-rbac-admin</id>
           <name>user-management-rbac-admin</name>
           <description>administer rbac</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>guest-access</id>
           <name>guest-access</name>
           <description>access guest</description>
           <permanent>true</permanent>
         </operation>
         <operation>
           <id>user-management-manage-data</id>
           <name>user-management-manage-data</name>
           <description>manage data</description>
           <permanent>true</permanent>
         </operation>
       </operations>
       <roles>
         <role>
           <id>system-administrator</id>
           <name>System Administrator</name>
           <permanent>true</permanent>
           <assignable>true</assignable>
           <permissions>
             <permission>
               <id>edit-redback-configuration</id>
               <name>Edit Redback Configuration</name>
               <operation>configuration-edit</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
             <permission>
               <id>manage-rbac-setup</id>
               <name>User RBAC Management</name>
               <operation>user-management-rbac-admin</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
             <permission>
               <id>manage-rbac-data</id>
               <name>RBAC Manage Data</name>
               <operation>user-management-manage-data</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
           </permissions>
           <childRoles>
             <childRole>user-administrator</childRole>
           </childRoles>
         </role>
         <role>
           <id>user-administrator</id>
           <name>User Administrator</name>
           <permanent>true</permanent>
           <assignable>true</assignable>
           <permissions>
             <permission>
               <id>drop-roles-for-anyone</id>
               <name>Drop Roles for Anyone</name>
               <operation>user-management-role-drop</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
             <permission>
               <id>grant-roles-for-anyone</id>
               <name>Grant Roles for Anyone</name>
               <operation>user-management-role-grant</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
             <permission>
               <id>user-create</id>
               <name>Create Users</name>
               <operation>user-management-user-create</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
             <permission>
               <id>user-delete</id>
               <name>Delete Users</name>
               <operation>user-management-user-delete</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
             <permission>
               <id>user-edit</id>
               <name>Edit Users</name>
               <operation>user-management-user-edit</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
             <permission>
               <id>access-users-roles</id>
               <name>Access Users Roles</name>
               <operation>user-management-user-role</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
             <permission>
               <id>access-user-list</id>
               <name>Access User List</name>
               <operation>user-management-user-list</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
             <permission>
               <id>access-user-data</id>
               <name>Access User Data</name>
               <operation>user-management-user-view</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
           </permissions>
         </role>
         <role>
           <id>registered-user</id>
           <name>Registered User</name>
           <permanent>true</permanent>
           <assignable>true</assignable>
           <permissions>
             <permission>
               <id>edit-user-by-username</id>
               <name>Edit User Data by Username</name>
               <operation>user-management-user-edit</operation>
               <resource>username</resource>
               <permanent>true</permanent>
             </permission>
             <permission>
               <id>view-user-by-username</id>
               <name>View User Data by Username</name>
               <operation>user-management-user-view</operation>
               <resource>username</resource>
               <permanent>true</permanent>
             </permission>
           </permissions>
         </role>
         <role>
           <id>guest</id>
           <name>Guest</name>
           <permanent>true</permanent>
           <assignable>true</assignable>
           <permissions>
             <permission>
               <id>guest-permission</id>
               <name>Guest Permission</name>
               <operation>guest-access</operation>
               <resource>global</resource>
               <permanent>true</permanent>
             </permission>
           </permissions>
         </role>
       </roles>
     </application>
   </applications>
 </redback-role-model>
	<?xml version="1.0"?>

	<!--
	~ Licensed to the Apache Software Foundation (ASF) under one
	~ or more contributor license agreements. See the NOTICE file
	~ distributed with this work for additional information
	~ regarding copyright ownership. The ASF licenses this file
	~ to you under the Apache License, Version 2.0 (the
	~ "License"); you may not use this file except in compliance
	~ with the License. You may obtain a copy of the License at
	~
	~ http://www.apache.org/licenses/LICENSE-2.0
	~
	~ Unless required by applicable law or agreed to in writing,
	~ software distributed under the License is distributed on an
	~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	~ KIND, either express or implied. See the License for the
	~ specific language governing permissions and limitations
	~ under the License.
	-->
	<redback-role-model>
	<modelVersion>1.0.0</modelVersion>
	<applications>
	<application>
	<id>System</id>
	<description>Roles that apply system-wide, across all of the applications</description>
	<version>1.0.0</version>
	<resources>
	<resource>
	<id>global</id>
	<name>*</name>
	<permanent>true</permanent>
	<description>global resource implies full access for authorization</description>
	</resource>
	<resource>
	<id>username</id>
	<name>${username}</name>
	<permanent>true</permanent>
	<description>replaced with the username of the principal at authorization check time</description>
	</resource>
	</resources>
	<operations>
	<operation>
	<id>configuration-edit</id>
	<name>configuration-edit</name>
	<description>edit configuration</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>user-management-user-create</id>
	<name>user-management-user-create</name>
	<description>create user</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>user-management-user-edit</id>
	<name>user-management-user-edit</name>
	<description>edit user</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>user-management-user-role</id>
	<name>user-management-user-role</name>
	<description>user roles</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>user-management-user-delete</id>
	<name>user-management-user-delete</name>
	<description>delete user</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>user-management-user-list</id>
	<name>user-management-user-list</name>
	<description>list users</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>user-management-user-view</id>
	<name>user-management-user-view</name>
	<description>view user information</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>user-management-role-grant</id>
	<name>user-management-role-grant</name>
	<description>grant role</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>user-management-role-drop</id>
	<name>user-management-role-drop</name>
	<description>drop role</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>user-management-rbac-admin</id>
	<name>user-management-rbac-admin</name>
	<description>administer rbac</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>guest-access</id>
	<name>guest-access</name>
	<description>access guest</description>
	<permanent>true</permanent>
	</operation>
	<operation>
	<id>user-management-manage-data</id>
	<name>user-management-manage-data</name>
	<description>manage data</description>
	<permanent>true</permanent>
	</operation>
	</operations>
	<roles>
	<role>
	<id>system-administrator</id>
	<name>System Administrator</name>
	<permanent>true</permanent>
	<assignable>true</assignable>
	<permissions>
	<permission>
	<id>edit-redback-configuration</id>
	<name>Edit Redback Configuration</name>
	<operation>configuration-edit</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	<permission>
	<id>manage-rbac-setup</id>
	<name>User RBAC Management</name>
	<operation>user-management-rbac-admin</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	<permission>
	<id>manage-rbac-data</id>
	<name>RBAC Manage Data</name>
	<operation>user-management-manage-data</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	</permissions>
	<childRoles>
	<childRole>user-administrator</childRole>
	</childRoles>
	</role>
	<role>
	<id>user-administrator</id>
	<name>User Administrator</name>
	<permanent>true</permanent>
	<assignable>true</assignable>
	<permissions>
	<permission>
	<id>drop-roles-for-anyone</id>
	<name>Drop Roles for Anyone</name>
	<operation>user-management-role-drop</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	<permission>
	<id>grant-roles-for-anyone</id>
	<name>Grant Roles for Anyone</name>
	<operation>user-management-role-grant</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	<permission>
	<id>user-create</id>
	<name>Create Users</name>
	<operation>user-management-user-create</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	<permission>
	<id>user-delete</id>
	<name>Delete Users</name>
	<operation>user-management-user-delete</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	<permission>
	<id>user-edit</id>
	<name>Edit Users</name>
	<operation>user-management-user-edit</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	<permission>
	<id>access-users-roles</id>
	<name>Access Users Roles</name>
	<operation>user-management-user-role</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	<permission>
	<id>access-user-list</id>
	<name>Access User List</name>
	<operation>user-management-user-list</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	<permission>
	<id>access-user-data</id>
	<name>Access User Data</name>
	<operation>user-management-user-view</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	</permissions>
	</role>
	<role>
	<id>registered-user</id>
	<name>Registered User</name>
	<permanent>true</permanent>
	<assignable>true</assignable>
	<permissions>
	<permission>
	<id>edit-user-by-username</id>
	<name>Edit User Data by Username</name>
	<operation>user-management-user-edit</operation>
	<resource>username</resource>
	<permanent>true</permanent>
	</permission>
	<permission>
	<id>view-user-by-username</id>
	<name>View User Data by Username</name>
	<operation>user-management-user-view</operation>
	<resource>username</resource>
	<permanent>true</permanent>
	</permission>
	</permissions>
	</role>
	<role>
	<id>guest</id>
	<name>Guest</name>
	<permanent>true</permanent>
	<assignable>true</assignable>
	<permissions>
	<permission>
	<id>guest-permission</id>
	<name>Guest Permission</name>
	<operation>guest-access</operation>
	<resource>global</resource>
	<permanent>true</permanent>
	</permission>
	</permissions>
	</role>
	</roles>
	</application>
	</applications>
	</redback-role-model>