| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <project basedir="." default="all" name="Fortress Web Sample Policy"> |
| <taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin" > |
| <classpath path="${java.class.path}"/> |
| </taskdef> |
| |
| <target name="all"> |
| <FortressAdmin> |
| |
| <adduser> |
| <user userId="test" password="password" description="Fortress Web Demo User" ou="demousrs1" cn="test" sn="user" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="none" endLockDate="none" dayMask="1234567" timeout="0" photo="TestPhoto1.jpeg"/> |
| <user userId="test1" password="password" description="Fortress Web Demo User1" ou="demousrs1" cn="test1" sn="user" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="none" endLockDate="none" dayMask="1234567" timeout="0"/> |
| <user userId="test2" password="password" description="Fortress Web Demo User2" ou="demousrs1" cn="test2" sn="user" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="none" endLockDate="none" dayMask="1234567" timeout="0"/> |
| <user userId="test3" password="password" description="Fortress Web Group Demo User2" ou="demousrs1" cn="test3" sn="user" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="none" endLockDate="none" dayMask="1234567" timeout="0"/> |
| </adduser> |
| |
| <adduseradminrole> |
| <!-- this fortress-core-super-admin role is created in the fortress core DelegatedAdminMgrLoad.xml policy file:--> |
| <userrole userId="test" name="fortress-core-super-admin" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/> |
| <userrole userId="test1" name="fortress-web-user-admin" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/> |
| <userrole userId="test2" name="fortress-web-audit-admin" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/> |
| <userrole userId="test3" name="fortress-core-super-admin" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/> |
| </adduseradminrole> |
| |
| <adduserrole> |
| <userrole userId="test" name="fortress-web-super-user" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/> |
| <userrole userId="test" name="fortress-web-group-admin-user" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/> |
| <userrole userId="test1" name="ROLE_USERS" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/> |
| <userrole userId="test2" name="ROLE_AUDITOR" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/> |
| <!--<userrole userId="test3" name="fortress-web-group-admin-user" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0"/>--> |
| </adduserrole> |
| |
| <addadminrole> |
| <role name="fortress-web-user-admin" description="Fortress User Admin" osps="APP0" osus="DEV0" begininclusive="true" endinclusive="true" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0" beginrange="" endrange=""/> |
| <role name="fortress-web-audit-admin" description="Fortress Auditor" osps="APP0" osus="DEV0" begininclusive="true" endinclusive="true" beginTime="0000" endTime="0000" beginDate="none" endDate="none" beginLockDate="none" endLockDate="none" dayMask="all" timeout="0" beginrange="" endrange=""/> |
| </addadminrole> |
| |
| <addpermgrant> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AuditMgrImpl" opName="searchBinds" roleNm="fortress-web-audit-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AuditMgrImpl" opName="searchAuthZs" roleNm="fortress-web-audit-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AuditMgrImpl" opName="getUserAuthZs" roleNm="fortress-web-audit-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AuditMgrImpl" opName="searchUserSessions" roleNm="fortress-web-audit-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AuditMgrImpl" opName="searchAdminMods" roleNm="fortress-web-audit-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AuditMgrImpl" opName="searchInvalidUsers" roleNm="fortress-web-audit-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="readUser" roleNm="fortress-web-audit-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="findUsers" roleNm="fortress-web-audit-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="findPermissions" roleNm="fortress-web-audit-admin" admin="true"/> |
| |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="readUser" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="findUsers" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="assignedUsers" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="assignedRoles" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="authorizedUsers" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="authorizedRoles" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="userPermissions" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="findPermissions" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl" opName="findRoles" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.DelReviewMgrImpl" opName="searchOU" roleNm="fortress-web-user-admin" admin="true"/> |
| |
| <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="addUser" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="disableUser" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="deleteUser" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="updateUser" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="changePassword" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="lockUserAccount" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="unlockUserAccount" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="resetPassword" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="assignUser" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl" opName="deassignUser" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.PwPolicyMgrImpl" opName="updateUserPolicy" roleNm="fortress-web-user-admin" admin="true"/> |
| |
| <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="add" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="update" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="delete" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="addProperty" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="deleteProperty" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="assign" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="deassign" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="read" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="find" roleNm="fortress-web-user-admin" admin="true"/> |
| <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" opName="findWithUsers" roleNm="fortress-web-user-admin" admin="true"/> |
| </addpermgrant> |
| |
| |
| <addrole> |
| <role name="ROLE_USERS" description="Grants User page access in Fortress Web"/> |
| <role name="ROLE_ROLES" description="Grants Role page access in Fortress Web"/> |
| <role name="ROLE_PERMS" description="Grants Perm page access in Fortress Web"/> |
| <role name="ROLE_SSDS" description="Grants Static SoD page access in Fortress Web"/> |
| <role name="ROLE_DSDS" description="Grants Dynamic SoD page access in Fortress Web"/> |
| <role name="ROLE_POLICIES" description="Grants Password Policy page access in Fortress Web"/> |
| <role name="ROLE_PERMOBJS" description="Grants Permission Object page access in Fortress Web"/> |
| <role name="ROLE_USEROUS" description="Grants User Organization page access in Fortress Web"/> |
| <role name="ROLE_PERMOUS" description="Grants Permission Organization page access in Fortress Web"/> |
| <role name="ROLE_ADMINROLES" description="Grants Admin Role page access in Fortress Web"/> |
| <role name="ROLE_ADMINOBJS" description="Grants Admin Permission Object page access in Fortress Web"/> |
| <role name="ROLE_ADMINPERMS" description="Grants Admin Permission page access in Fortress Web"/> |
| <role name="ROLE_AUDIT_AUTHZS" description="Grants Audit Authorization page access in Fortress Web"/> |
| <role name="ROLE_AUDIT_MODS" description="Grants Audit Modification page access in Fortress Web"/> |
| <role name="ROLE_AUDIT_BINDS" description="Grants Audit Bind page access in Fortress Web"/> |
| <role name="ROLE_AUDITOR" description="Grants acces to all Audit pages"/> |
| <role name="ROLE_GROUPS" description="Grants Group page access in Fortress Web"/> |
| <role name="fortress-web-super-user" description="Role to access Fortress Web pages and funtions"/> |
| <role name="fortress-web-group-admin-user" description="Access User, Group, Audit and PW Policy Pages"/> |
| </addrole> |
| |
| <addroleinheritance> |
| <relationship child="fortress-web-super-user" parent="ROLE_USERS"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_ROLES"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_PERMS"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_SSDS"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_DSDS"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_PERMOBJS"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_USEROUS"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_PERMOUS"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_ADMINROLES"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_ADMINOBJS"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_ADMINPERMS"/> |
| <relationship child="fortress-web-super-user" parent="ROLE_GROUPS"/> |
| <relationship child="fortress-web-group-admin-user" parent="ROLE_GROUPS"/> |
| <relationship child="fortress-web-group-admin-user" parent="ROLE_POLICIES"/> |
| <relationship child="fortress-web-group-admin-user" parent="ROLE_USERS"/> |
| <relationship child="fortress-web-group-admin-user" parent="ROLE_AUDIT_AUTHZS"/> |
| <relationship child="fortress-web-group-admin-user" parent="ROLE_AUDIT_BINDS"/> |
| <relationship child="fortress-web-group-admin-user" parent="ROLE_AUDIT_MODS"/> |
| <relationship child="ROLE_AUDITOR" parent="ROLE_AUDIT_BINDS"/> |
| <relationship child="ROLE_AUDITOR" parent="ROLE_AUDIT_AUTHZS"/> |
| <relationship child="ROLE_AUDITOR" parent="ROLE_AUDIT_MODS"/> |
| </addroleinheritance> |
| |
| <addorgunit> |
| <orgunit name="demousrs1" typeName="USER" description="Test User Org 1 for Fortress Web User"/> |
| </addorgunit> |
| |
| </FortressAdmin> |
| </target> |
| </project> |