Merge a9a592f into c7ddb87
paulineribeyre committed May 29, 2020
2 parents c7ddb87 + a9a592f commit 1c85440
Showing 3 changed files with 402 additions and 0 deletions.
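--- a/docs/base_user.yaml
+++ b/docs/base_user.yaml
@@ -0,0 +1,182 @@
+authz:
+# policies automatically given to anyone, even if they are not authenticated
+anonymous_policies:
+- open_data_reader
+
+# policies automatically given to authenticated users (in addition to their other policies)
+all_users_policies:
+- open_data_reader
+
+groups:
+# can CRUD programs and projects and upload data files
+- name: data_submitters
+policies:
+- services.sheepdog-admin
+- data_upload
+- MyFirstProject_submitter
+users:
+- username1@gmail.com
+
+# can create/update/delete indexd records
+- name: indexd_admins
+policies:
+- indexd_admin
+users:
+- username1@gmail.com
+
+resources:
+- name: workspace
+- name: data_file
+- name: services
+subresources:
+- name: sheepdog
+subresources:
+- name: submission
+subresources:
+- name: program
+- name: project
+- name: open
+- name: programs
+subresources:
+- name: MyFirstProgram
+subresources:
+- name: projects
+subresources:
+- name: MyFirstProject
+
+policies:
+- id: workspace
+description: be able to use workspace
+resource_paths:
+- /workspace
+role_ids:
+- workspace_user
+- id: data_upload
+description: upload raw data files to S3
+role_ids:
+- file_uploader
+resource_paths:
+- /data_file
+- id: services.sheepdog-admin
+description: CRUD access to programs and projects
+role_ids:
+- sheepdog_admin
+resource_paths:
+- /services/sheepdog/submission/program
+- /services/sheepdog/submission/project
+- id: indexd_admin
+description: full access to indexd API
+role_ids:
+- indexd_admin
+resource_paths:
+- /programs
+- id: open_data_reader
+role_ids:
+- reader
+- storage_reader
+resource_paths:
+- /open
+- id: all_programs_reader
+role_ids:
+- reader
+- storage_reader
+resource_paths:
+- /programs
+- id: MyFirstProject_submitter
+role_ids:
+- reader
+- creator
+- updater
+- deleter
+- storage_reader
+- storage_writer
+resource_paths:
+- /programs
+
+roles:
+- id: file_uploader
+permissions:
+- id: file_upload
+action:
+service: fence
+method: file_upload
+- id: workspace_user
+permissions:
+- id: workspace_access
+action:
+service: jupyterhub
+method: access
+- id: sheepdog_admin
+description: CRUD access to programs and projects
+permissions:
+- id: sheepdog_admin_action
+action:
+service: sheepdog
+method: '*'
+- id: indexd_admin
+description: full access to indexd API
+permissions:
+- id: indexd_admin
+action:
+service: indexd
+method: '*'
+- id: admin
+permissions:
+- id: admin
+action:
+service: '*'
+method: '*'
+- id: creator
+permissions:
+- id: creator
+action:
+service: '*'
+method: create
+- id: reader
+permissions:
+- id: reader
+action:
+service: '*'
+method: read
+- id: updater
+permissions:
+- id: updater
+action:
+service: '*'
+method: update
+- id: deleter
+permissions:
+- id: deleter
+action:
+service: '*'
+method: delete
+- id: storage_writer
+permissions:
+- id: storage_creator
+action:
+service: '*'
+method: write-storage
+- id: storage_reader
+permissions:
+- id: storage_reader
+action:
+service: '*'
+method: read-storage
+
+clients:
+wts:
+policies:
+- all_programs_reader
+- open_data_reader
+
+users:
+username1@gmail.com: {}
+username2:
+tags:
+name: John Doe
+email: johndoe@gmail.com
+policies:
+- MyFirstProject_submitter
+
+cloud_providers: {}
+groups: {}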
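Review bot: The `MyFirstProject_submitter` policy lists `/programs` as its only resource path, so despite its name it attaches reader, creator, updater, deleter and storage_writer to the whole programs tree rather than to the single project declared under `resources`. Assuming a grant on a path also covers its subresources (the page does not show how the consumer resolves paths), anyone who copies this template gives project submitters write and delete rights across every program; the path should be `- /programs/MyFirstProgram/projects/MyFirstProject`. The same breadth applies to `indexd_admin` on `/programs`, which looks intended, but a comment such as `# applies to all programs and projects` would make that explicit. The `admin` role (service `'*'`, method `'*'`) and the `workspace` policy are defined but not referenced by any policy, group, client or user in this file; a short comment marking them as intentionally unassigned would stop readers from wiring the wildcard role in by accident.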