diff --git a/provision/000_base/compose_access_control.yaml b/provision/000_base/compose_access_control.yaml index 9d6aa55014..7f434b5980 100644 --- a/provision/000_base/compose_access_control.yaml +++ b/provision/000_base/compose_access_control.yaml @@ -1,5 +1,8 @@ allow: authenticated: + corteza::compose/: + - namespaces.search + corteza::compose:namespace/*: - read @@ -12,12 +15,17 @@ allow: corteza::compose:chart/*/*: - read +# @todo implement support for record resource import in Envoy +# corteza::compose:record/*/*/*: +# - read + admins: corteza::compose/: - grant - settings.read - settings.manage - namespace.create + - namespaces.search corteza::compose:namespace/*/*: - read @@ -25,23 +33,28 @@ allow: - delete - manage - page.create + - pages.search - module.create + - modules.search - chart.create + - charts.search corteza::compose:module/*/*: - read - update - delete - record.create + - records.search corteza::compose:module-field/*/*/*: - record.value.read - record.value.update - corteza::compose:record/*/*/*: - - read - - update - - delete +# @todo implement support for record resource import in Envoy +# corteza::compose:record/*/*/*: +# - read +# - update +# - delete corteza::compose:chart/*/*: - read @@ -59,6 +72,7 @@ allow: - settings.read - settings.manage - namespace.create + - namespaces.search corteza::compose:namespace/*/*: - read @@ -66,23 +80,28 @@ allow: - delete - manage - page.create + - pages.search - module.create + - modules.search - chart.create + - charts.search corteza::compose:module/*/*: - read - update - delete - record.create + - records.search corteza::compose:module-field/*/*/*: - record.value.read - record.value.update - corteza::compose:record/*/*/*: - - read - - update - - delete +# @todo implement support for record resource import in Envoy +# corteza::compose:record/*/*/*: +# - read +# - update +# - delete corteza::compose:chart/*/*: - read 
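Review bot: In the first hunk (`@@ -1,5 +1,8 @@`) the `authenticated` role receives `namespaces.search` on `corteza::compose/`, but none of the `pages.search`, `modules.search`, `charts.search` or `records.search` operations that the later hunks add for `admins`. The context at the top of the next hunk shows a `read` grant on `corteza::compose:chart/*/*` ahead of `admins:`, presumably still in the `authenticated` section. If the new search operations gate listing, non-admin users could list namespaces but not the pages, modules or charts inside them. If that is intended, a comment would make it explicit, for example `# authenticated users may list namespaces only; per-resource listing stays admin-only`. The rest of the `authenticated` section lies outside the hunks, so its existing grants cannot be checked from here.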
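Review bot: The hunk at `@@ -25,23 +33,28 @@` turns the `admins` grants of `read`, `update` and `delete` on `corteza::compose:record/*/*/*` into comments, and the hunk at `@@ -66,23 +80,28 @@` does the same for the second role. After this change no role visible in the diff is provisioned with record-level access, while `record.create`, `records.search` and the `module-field` value operations remain. Whether those roles keep record access depends on what the RBAC evaluator does when no rule matches, which is not shown here. It is worth confirming that this neither locks administrators out of existing records nor falls through to a broader default. The `@todo` should name a tracking issue and the interim behaviour, e.g. `# @todo(<issue-ref>): record rules disabled until Envoy can import them; record access currently relies on <default behaviour>`.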
diff --git a/provision/000_base/system_access_control.yaml b/provision/000_base/system_access_control.yaml index b4c779c03b..ac04fc9319 100644 --- a/provision/000_base/system_access_control.yaml +++ b/provision/000_base/system_access_control.yaml @@ -24,12 +24,18 @@ allow: - settings.read - settings.manage - application.create + - applications.search - auth-client.create + - auth-clients.search - user.create + - users.search - template.create + - templates.search - role.create + - roles.search - reminder.assign - queue.create + - queues.search corteza::system:application/*: - read @@ -85,12 +91,18 @@ allow: - settings.read - settings.manage - application.create + - applications.search - auth-client.create + - auth-clients.search - user.create + - users.search - template.create + - templates.search - role.create + - roles.search - reminder.assign - queue.create + - queues.search corteza::system:application/*: - read diff --git a/provision/200_federation/2000_access_control.yaml b/provision/200_federation/2000_access_control.yaml index df8a3d34b9..1e2595c5e0 100644 --- a/provision/200_federation/2000_access_control.yaml +++ b/provision/200_federation/2000_access_control.yaml @@ -6,6 +6,7 @@ allow: - settings.read - settings.manage - node.create + - nodes.search corteza::federation:node/*: - manage @@ -24,6 +25,7 @@ allow: - settings.read - settings.manage - node.create + - nodes.search corteza::federation:node/*: - manage
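Review bot: The role that receives `users.search`, `auth-clients.search` and `roles.search` in the hunk at `@@ -24,12 +24,18 @@` is named outside the hunk, and the same six operations are added again at `@@ -85,12 +91,18 @@`. Listing users, auth clients and roles exposes account and client inventory, so both blocks should be confirmed to belong to administrative roles only. The new operation names are plural (`users.search`) next to singular siblings (`user.create`), and nothing in the file would flag a misspelt name, which would presumably just grant nothing. A short comment above the block would help, such as `# *.search gates listing of the resource type; names are plural by convention`. `reminder.assign` has no search counterpart here, which may be deliberate.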