Commit 5cc1e1aa authored by florian

DOC: Add role-permissions table

parent 10b3ef8b
1 merge request: !67 DRAFT: F permission docs
Pipeline #27102 failed
......@@ -44,6 +44,8 @@ below: role permissions and entity permissions.
Role permissions
***********************
See the :ref:`Role Permission Table` for a full list of role permissions.
.. _entity-permissions:
Entity permissions
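Review bot: the target name in the added ``:ref:`` line, "Role Permission Table", uses capitals and spaces, while the label directly below it in this hunk is ``entity-permissions``. Renaming the new label to something like ``role-permission-table``, in both the ``:ref:`` here and the target definition in the new file, keeps the label style consistent and easier to grep for.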
......
.. _Role Permission Table:
Role Permissions
================
Roles in CaosDB can have the following permissions
.. list-table:: Role permissions
:header-rows: 1
:widths: 33 67
* - Permission
- Description
* - ``ACCESS_SERVER_PROPERTIES``
- Permission to read the server properties.
* - ``ACM:*``
- Permissions to administrate the access controll management system. That
includes managing users, roles, and assigning permissions to roles and
roles to users.
* - ``ACM:ROLE:*``
- Permissions to manage roles, i.e. create, retrieve, update and delete
roles and assign them to users.
* - ``ACM:ROLE:ASSIGN:?ROLE?``
- Permission to assign a role (to a user).
* - ``ACM:ROLE:DELETE:?ROLE?``
- Permission to delete a role.
* - ``ACM:ROLE:INSERT``
- Permission to create a new role.
* - ``ACM:ROLE:RETRIEVE:DESCRIPTION:?ROLE?``
- Permission to retrieve the description of a role.
* - ``ACM:ROLE:RETRIEVE:PERMISSIONS:?ROLE?``
- Permission to read the permissions of a role.
* - ``ACM:ROLE:UPDATE:DESCRIPTION:?ROLE?``
- Permission to update the description of a role.
* - ``ACM:ROLE:UPDATE:PERMISSIONS:?ROLE?``
- Permission to set the permissions of a role.
* - ``ACM:USER:*``
- Permissions to manage users, i.e. create, retrieve, update and delete
users.
* - ``ACM:USER:DELETE:?REALM?:?USER?``
- Permission to delete a user
* - ``ACM:USER:INSERT:?REALM?``
- Permission to create a user in the given realm
* - ``ACM:USER:RETRIEVE:INFO:?REALM?:?USER?``
- Permission to retrieve the user info (email, entity, status)
* - ``ACM:USER:RETRIEVE:ROLES:?REALM?:?USER?``
- Permission to retrieve the roles of a user
* - ``ACM:USER:UPDATE:EMAIL:?REALM?:?USER?``
- Permission to update the email address of a user.
* - ``ACM:USER:UPDATE:ENTITY:?REALM?:?USER?``
- Permission to set the entity which is associated with a user.
* - ``ACM:USER:UPDATE:ROLES:?REALM?:?USER?``
- Permission to change the roles of a user.
* - ``ACM:USER:UPDATE:STATUS:?REALM?:?USER?``
- Permission to update the status of a user, i.e. marking them as
``ACTIVE`` or ``INACTIVE``.
* - ``ACM:USER:UPDATE_PASSWORD:?REALM?:?USER?``
- Permission to set the password of a user.
* - ``SCRIPTING:EXECUTE:?PATH?``
- Permission to execute a server-side script under the given path. Note
that, for utilizing the wild cards feature, you have to use ``':'`` as
path separator. E.g. ``'SCRIPTING:EXECUTE:my_scripts:*'`` would be the
permission to execute all executables below the ``my_scripts`` directory.
* - ``SERVERLOGS:RETRIEVE``
- Permission to read the server logs. (DEPRECATED)
* - ``STATE:*``
- Permissions to manage state models and the states of entities.
* - ``STATE:ASSIGN:?STATE_MODEL?``
- Permission to assign a state model.
* - ``STATE:FORCE:FINAL``
- Permission to force to leave a state models specified life-cycle even
though the currrent state isn't a final state in the that model.
* - ``STATE:TRANSITION:?TRANSITION?``
- Permission to initiate a transition.
* - ``STATE:UNASSIGN:?STATE_MODEL?``
- Permission to unassign a state model.
* - ``TRANSACTION:*``
- Permission to execute any writable transaction. This permission only
allows to execute these transactions in general. The necessary entities
permissions are not implied.
* - ``TRANSACTION:DELETE:?ENTITY_ROLE?``
- Permission to delete entities of a given role (e.g. Record, File,
RecordType, or Property).
* - ``TRANSACTION:INSERT:?ENTITY_ROLE?``
- Permission to insert entities of a given role (e.g. Record, File,
RecordType, or Property).
* - ``TRANSACTION:UPDATE:?ENTITY_ROLE?``
- Permission to update entities of a given role (e.g. Record, File,
RecordType, or Property).
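Review bot: the ``?ROLE?``, ``?REALM?:?USER?`` and ``?PATH?`` placeholders and the ``*`` wildcard are used throughout the table but are only explained in passing in the ``SCRIPTING:EXECUTE:?PATH?`` row. A short paragraph before the ``list-table`` stating how a placeholder is filled in and what ``*`` covers would let an administrator granting ``ACM:*`` or ``TRANSACTION:*`` judge how much is being handed out. Smaller points in the same table: "access controll" and "currrent" are misspelled, "a state models specified life-cycle" and "in the that model" need rewording, the descriptions from ``ACM:USER:DELETE`` through ``ACM:USER:RETRIEVE:ROLES`` lack the trailing period the other rows have, and ``SERVERLOGS:RETRIEVE`` is marked DEPRECATED without naming what to use instead. ``ACM:USER:UPDATE_PASSWORD`` is the only user-update permission written with an underscore instead of ``UPDATE:…``; please confirm it matches the name the server checks.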