-
Notifications
You must be signed in to change notification settings - Fork 81
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Ian Ross
committed
Mar 15, 2016
1 parent
f5b139a
commit 7b4f0cd
Showing
6 changed files
with
36 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,12 @@ | ||
| { | ||
| "clause": [ | ||
| // In addition to the permissions provided by the default | ||
| // policy, data collectors are allowed to manage resources for a | ||
| // specified project within a specified organization. | ||
| { | ||
| "effect": "allow", | ||
| "action": ["project.resources.*"], | ||
| "object": ["project/$organization/$project"], | ||
| "object": ["project/$organization/$project"] | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,20 @@ | ||
| { | ||
| "clause": [ | ||
| // In addition to the permissions provided by the default | ||
| // policy, organization administrators are allowed to perform all | ||
| // organization management actions for a specified organization, | ||
| // and all project management actions for all projects within a | ||
| // specified organization. | ||
| { | ||
| "effect": "allow", | ||
| "action": ["org.*", "org.*.*", "project.*", "project.*.*"], | ||
| "object": ["organization/$organization"], | ||
| "object": ["organization/$organization"] | ||
| }, | ||
|
|
||
| { | ||
| "effect": "allow", | ||
| "action": ["project.*", "project.*.*"], | ||
| "object": ["project/$organization/*"], | ||
| "object": ["project/$organization/*"] | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,19 @@ | ||
| { | ||
| "clause": [ | ||
| // In addition to the permissions provided by the default | ||
| // policy, project managers are allowed to perform all project | ||
| // management actions, except for project archiving and | ||
| // unarchiving, for a specified project within a specified | ||
| // organization. | ||
| { | ||
| "effect": "allow", | ||
| "action": ["project.*", "project.*.*"], | ||
| "object": ["project/$organization/$project"], | ||
| "object": ["project/$organization/$project"] | ||
| }, | ||
| { | ||
| "effect": "deny", | ||
| "action": ["project.archive", "project.unarchive"], | ||
| "object": ["project/$organization/$project"], | ||
| "object": ["project/$organization/$project"] | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,13 +1,8 @@ | ||
| { | ||
| "clause": [ | ||
| { | ||
| "effect": "allow", | ||
| "action": ["org.list", "org.create"] | ||
| }, | ||
| { | ||
| "effect": "allow", | ||
| "object": ["organization/*"], | ||
| "action": ["org.view"] | ||
| } | ||
| // Currently, "ordinary" users associated with a project have no | ||
| // additional permissions over those given to all users. This may | ||
| // change in the future. In particular, project users may be | ||
| // permitted access to projects that are normally private. | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters