diff --git a/.github/workflows/test-install.yml b/.github/workflows/test-install.yml index c3d8d8957..0e2be7a2a 100644 --- a/.github/workflows/test-install.yml +++ b/.github/workflows/test-install.yml @@ -7,14 +7,14 @@ name: Build on: push: - branches: [ master ] + branches: [ main,develop ] paths-ignore: - 'documentation/**' - 'design/**' pull_request: types: [ ready_for_review review_requested ] - branches: [ master ] + branches: [ main,develop ] paths-ignore: - 'documentation/**' - 'design/**' diff --git a/ansible.cfg b/ansible.cfg index 921acf2a7..f51e5ef6f 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -3,6 +3,7 @@ inventory = inventory #timeout = 60 force_handlers = True +stdout_callback = yaml [ssh_connection] pipelining = True diff --git a/documentation/api/hasura-documentation.md b/documentation/api/hasura-documentation.md new file mode 100644 index 000000000..2ef00d9c5 --- /dev/null +++ b/documentation/api/hasura-documentation.md 
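Review bot: The context line `types: [ ready_for_review review_requested ]` under `pull_request:` has no comma between the two activity types, so YAML reads it as a single string that matches no pull-request activity type. The `branches: [ main,develop ]` filter added right below it would then probably never take effect, and pull requests into either branch would merge without the install test having run. The line should read `types: [ ready_for_review, review_requested ]`.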
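Review bot: `stdout_callback = yaml` is added under the defaults without saying where the plugin comes from. From Ansible 2.10 on, the `yaml` callback ships in the `community.general` collection rather than in the core package, so a host with only ansible-core would likely abort every playbook run with an invalid-callback error. Whether `scripts/install-latest-ansible.yml` brings that collection along is not visible here. A comment such as `# yaml callback: provided by community.general on Ansible >= 2.10` above the setting would record the dependency.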
@@ -0,0 +1,68 @@
+# Hasura Documentation
+
+## Upgrade tables & permissions
+
+In FWO v5.3.4 we are migrating from hasura v1.x to v2.x.
+Therefore upgrades to database tables and permissions now need to be handled as follows:
+- apply your changes (e.g. permissions) in the graphql console (https://:9443/api/) after logging in with hasura admin secret (to be found in ~/etc/secrets/hasura_admin_pwd)
+- go to settings menu (cogwheel in top right corner)
+- choose export metadata to json file
+- copy the metadata {...} part of this file to source roles/api/files/replace_metadata.json (also into metadata {} part)
+- run `ansible-playbook site.yml "installation_mode=upgrade" -K`
+
+## Configuration parameters
+
+### HASURA_GRAPHQL_DATABASE_URL
+- value: "postgres://{{ api_user }}:{{ api_user_password }}@{{ fworch_db_host }}:{{ fworch_db_port }}/{{ fworch_db_name }}"
+- description: the database connection string (currently using a single database for firewall and metadata)
+
+### HASURA_GRAPHQL_ENABLE_CONSOLE
+- value: "true"
+- description: default is true, set this to false if you want to disable access to hasura console (loosing graphiql access as well)
+
+### HASURA_GRAPHQL_ENABLE_TELEMETRY
+- value: "false"
+- description: do not send telemtry data to hasura
+
+### HASURA_GRAPHQL_ADMIN_SECRET
+- value: "{{ api_hasura_admin_secret }}"
+- description: randomly generated admin secret for hasura console access
+
+### HASURA_GRAPHQL_LOG_LEVEL
+- value: "{{ api_log_level }}"
+- description: default = info
+
+### HASURA_GRAPHQL_ENABLED_LOG_TYPES
+- value: '{{ api_HASURA_GRAPHQL_ENABLED_LOG_TYPES }}'
+- description: default="startup, http-log, websocket-log"
+
+### HASURA_GRAPHQL_CONSOLE_ASSETS_DIR
+- value: "/srv/console-assets"
+- description: ?
+
+### HASURA_GRAPHQL_V1_BOOLEAN_NULL_COLLAPSE
+- value: "true"
+- description: true means make the graphql API v2.x backward compatible with v1.0 (null result in where clause means true).
Default settings "false" breaks query functionality. This might have to be migrated later to ensure new standard logic. See . + +### HASURA_GRAPHQL_CORS_DOMAIN +- value: "*" +- description: See https://hasura.io/docs/latest/graphql/core/deployment/graphql-engine-flags/config-examples.html. Value "*" means no restrictions. For CORS explanation see . Can be restricted in customer environment if needed. + +### HASURA_GRAPHQL_JWT_SECRET +- value: +``` +'{ + "type": "{{ api_hasura_jwt_alg|quote }}", + "key": "{{ api_hasura_jwt_secret | regex_replace(''\n'', ''\\n'') }}", + "claims_namespace_path": "$" + }' +``` +- description: the JWT secret containing of algorithm, key (public key part) and an optional claims_namespace_path with default value "$", meaning to specific path. + +### HTTP_PROXY +- value: "{{ http_proxy }}" +- description: allows outbound connections for the docker container via a proxy. + +### HTTPS_PROXY +- value: "{{ https_proxy }}" +- description: allows outbound connections for the docker container via a proxy. diff --git a/documentation/installer/install-for-testing.md b/documentation/installer/install-for-testing.md index 2532b1cb1..0d33268cd 100644 --- a/documentation/installer/install-for-testing.md +++ b/documentation/installer/install-for-testing.md @@ -34,7 +34,7 @@ Set debug level for extended debugging info during installation. ```console ansible-playbook/ site.yml -e "debug_level='2'" -K ``` -## Running tests after installation +## Running integration tests after installation/upgrade To only run tests (for an existing installation) use tags as follows: 
@@ -42,6 +42,14 @@ To only run tests (for an existing installation) use tags as follows: ansible-playbook/ site.yml --tags test -K ``` +## Running unit tests only + +To only run tests (for an existing installation, can only be combined with installation_mode=upgrade) use tags as follows: + +```console +ansible-playbook/ site.yml --tags unittest -e "installation_mode=upgrade" -K +``` + ## Parameter "api_no_metadata" to prevent meta data import e.g. if your hasura metadata file needs to be re-created from scratch, then use the following switch:: diff --git a/documentation/installer/server-install.md b/documentation/installer/server-install.md index 284447486..a0e757b2d 100644 --- a/documentation/installer/server-install.md +++ b/documentation/installer/server-install.md 
@@ -1,59 +1,38 @@ # Installation instructions server - use latest debian or ubuntu minimal server with ssh service running (need to install and configure sudo for debian) -- this will install various software components to your system. It is recommended to do so on a dedicated (test) system. +- currently recommended platform is Ubuntu Server 20.04 TLS +- We will install various software components to your system. It is recommended to do so on a dedicated (test) system. -1) prepare your test system (install packages needed for install script and create and autorize ssh key pair to allow ssh login to localhost for ansible connect) +1) prepare your test system (make sure your user has full sudo permissions) ```console su - -apt-get install git ansible ssh sudo +apt-get install git ansible sudo ``` if not already configured, add your current user to sudo group (make sure to activate this change by starting new shell or even rebooting): ```console usermod -a -G sudo `whoami` - -exit -# from here in standard user context - -ssh-keygen -b 4096 -cat .ssh/id_rsa.pub >>.ssh/authorized_keys -chmod 600 .ssh/authorized_keys ``` -2) test system connectivity necessary for installation - -test ssh connectivity to localhost (127.0.0.1) using public key auth (add .ssh/authorized_keys) - -```console -ssh 127.0.0.1 -``` - -make sure you can use ansible locally - -```console -ansible -m ping 127.0.0.1 -``` - -3) get Firewall Orchestrator with the following command - +2) get Firewall Orchestrator with the following command (as normal user) ```console git clone https://github.com/CactuseSecurity/firewall-orchestrator.git ``` -4) if ansible version < 2.8 (older systems like ubuntu 18.04, debian 10), install latest ansible +3) if ansible version < 2.8 (older systems like ubuntu 18.04, debian 10), install latest ansible cd firewall-orchestrator; ansible-playbook scripts/install-latest-ansible.yml -K -5) install (on localhost) +4) install (on localhost) ```console cd firewall-orchestrator; 
ansible-playbook site.yml -K ``` Enter sudo password when prompted "BECOME or SUDO password:" -That's it firewall-orchestrator is ready for usage. You will find the randomly generated login credentials printed out at the very end of the installation: +That's it. Firewall-orchestrator is ready for usage. You will find the randomly generated login credentials printed out at the very end of the installation: ``` ... TASK [display secrets for this installation] *********************************** @@ -70,12 +49,3 @@ fworch-srv : ok=302 changed=171 unreachable=0 failed=0 s Simply navigate to and login with user 'admin' and the UI admin password. The api hasura admin secret can be used to access the API at . - - -6) upgrade - -```console - cd firewall-orchestrator - git pull - ansible-playbook site.yml -K -e "installation_mode=upgrade" -``` diff --git a/documentation/installer/server-upgrade.md b/documentation/installer/server-upgrade.md new file mode 100644 index 000000000..d488e1c02 --- /dev/null +++ b/documentation/installer/server-upgrade.md @@ -0,0 +1,9 @@ +# Upgrade instructions + +it is really simple: + +```console + cd firewall-orchestrator + git pull + ansible-playbook site.yml -K -e "installation_mode=upgrade" +``` diff --git a/documentation/revision-history.md b/documentation/revision-history.md index 6dc4f690e..fa99e62cc 100644 --- a/documentation/revision-history.md +++ b/documentation/revision-history.md @@ -136,3 +136,6 @@ adding report template format fk and permissions ### 5.3.3 - 10.07.2021 - add column ldap_name to ldap_connection - add column ldap_connection_id to uiuser + +### 5.3.4 - 29.07.2021 +- moving to API hasura v2.0 diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index 022cd7ee9..9b9dba15c 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml 
@@ -1,5 +1,5 @@ ### general settings -product_version: "5.3.3" +product_version: "5.3.4" ansible_python_interpreter: /usr/bin/python3 ansible_ssh_common_args: '-o StrictHostKeyChecking=no' product_name: fworch @@ -82,7 +82,6 @@ api_service_name: fworch-hasura-docker-api api_container_name: "{{ product_name }}-api" api_ip_address: "127.0.0.1" api_web_port: 9443 -#api_hasura_jwt_alg: "HS384" api_hasura_jwt_alg: "RS256" api_hasura_jwt_secret: "fake-jwt-secret-for-github-install" api_uri: "https://{{ api_ip_address }}:{{ api_web_port }}/api/v1/graphql" diff --git a/inventory/group_vars/apiserver.yml b/inventory/group_vars/apiserver.yml index 4b0623ad0..8d186c067 100644 --- a/inventory/group_vars/apiserver.yml +++ b/inventory/group_vars/apiserver.yml @@ -6,7 +6,7 @@ api_hasura_admin_test_password: "not4production" api_user_email: "{{ api_user }}@{{ api_ip_address }}" api_home: "{{ fworch_home }}/api" api_hasura_cli_bin: "/usr/local/bin/hasura" -api_hasura_version: "v1.3.3" +api_hasura_version: "v2.0.3" api_project_name: api api_no_metadata: false # debug > info > warn > error diff --git a/inventory/group_vars/testservers.yml b/inventory/group_vars/testservers.yml index 8380f8833..fcf82c3f2 100644 --- a/inventory/group_vars/testservers.yml +++ b/inventory/group_vars/testservers.yml @@ -1,3 +1,4 @@ install_webhook: no webhook_install_mode: reinstall -# webhook_install_mode: upgrade \ No newline at end of file +# webhook_install_mode: upgrade +webhook_branch: develop diff --git a/roles/api/files/hasura_metadata.yaml b/roles/api/files/hasura_metadata.yaml deleted file mode 100644 index 790509060..000000000 --- a/roles/api/files/hasura_metadata.yaml +++ /dev/null 
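Review bot: `webhook_branch: develop` in inventory/group_vars/testservers.yml is added without a comment, and nothing in the hunk shows which task reads it. Next to `webhook_install_mode: reinstall` it presumably makes a test server's webhook deploy whatever is pushed to `develop`, in which case that branch's protection rules decide what code runs on the host. A comment would make this explicit, e.g. `# branch the webhook deploys from; only used when install_webhook is enabled`.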
@@ -1,5552 +0,0 @@ -functions: -- function: - name: get_visible_devices_per_tenant - schema: public -- function: - name: get_visible_managements_per_tenant - schema: public -tables: -- array_relationships: - - name: request_object_changes - using: - foreign_key_constraint_on: - column: log_obj_id - table: - name: request_object_change - schema: public - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: control_id - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: object - using: - foreign_key_constraint_on: new_obj_id - - name: objectByOldObjId - using: - foreign_key_constraint_on: old_obj_id - - name: stm_change_type - using: - foreign_key_constraint_on: change_type_id - - name: uiuser - using: - foreign_key_constraint_on: doku_admin - - name: uiuserByImportAdmin - using: - foreign_key_constraint_on: import_admin - table: - name: changelog_object - schema: public -- array_relationships: - - name: request_rule_changes - using: - foreign_key_constraint_on: - column: log_rule_id - table: - name: request_rule_change - schema: public - object_relationships: - - name: device - using: - foreign_key_constraint_on: dev_id - - name: import_control - using: - foreign_key_constraint_on: control_id - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: rule - using: - foreign_key_constraint_on: new_rule_id - - name: ruleByOldRuleId - using: - foreign_key_constraint_on: old_rule_id - - name: stm_change_type - using: - foreign_key_constraint_on: change_type_id - - name: uiuser - using: - foreign_key_constraint_on: doku_admin - - name: uiuserByImportAdmin - using: - foreign_key_constraint_on: import_admin - select_permissions: - - permission: - columns: - - log_rule_id - - doku_admin - - control_id - - import_admin - - new_rule_id - - old_rule_id - - implicit_change - - abs_change_id - - change_action - - changelog_rule_comment - - documented - - docu_time - - mgm_id - - dev_id - - change_type_id - - 
security_relevant - - change_request_info - - change_time - - unique_name - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - log_rule_id - - doku_admin - - control_id - - import_admin - - new_rule_id - - old_rule_id - - implicit_change - - abs_change_id - - change_action - - changelog_rule_comment - - documented - - docu_time - - mgm_id - - dev_id - - change_type_id - - security_relevant - - change_request_info - - change_time - - unique_name - filter: - dev_id: - _in: x-hasura-visible-devices - role: recertifier - - permission: - allow_aggregations: true - columns: - - log_rule_id - - doku_admin - - control_id - - import_admin - - new_rule_id - - old_rule_id - - implicit_change - - abs_change_id - - change_action - - changelog_rule_comment - - documented - - docu_time - - mgm_id - - dev_id - - change_type_id - - security_relevant - - change_request_info - - change_time - - unique_name - filter: - dev_id: - _in: x-hasura-visible-devices - role: reporter - - permission: - allow_aggregations: true - columns: - - log_rule_id - - doku_admin - - control_id - - import_admin - - new_rule_id - - old_rule_id - - implicit_change - - abs_change_id - - change_action - - changelog_rule_comment - - documented - - docu_time - - mgm_id - - dev_id - - change_type_id - - security_relevant - - change_request_info - - change_time - - unique_name - filter: {} - role: reporter-viewall - table: - name: changelog_rule - schema: public -- array_relationships: - - name: request_service_changes - using: - foreign_key_constraint_on: - column: log_svc_id - table: - name: request_service_change - schema: public - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: control_id - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: service - using: - foreign_key_constraint_on: new_svc_id - - name: serviceByOldSvcId - using: - foreign_key_constraint_on: old_svc_id - - name: stm_change_type - using: - 
foreign_key_constraint_on: change_type_id - - name: uiuser - using: - foreign_key_constraint_on: doku_admin - - name: uiuserByImportAdmin - using: - foreign_key_constraint_on: import_admin - table: - name: changelog_service - schema: public -- array_relationships: - - name: request_user_changes - using: - foreign_key_constraint_on: - column: log_usr_id - table: - name: request_user_change - schema: public - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: control_id - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: stm_change_type - using: - foreign_key_constraint_on: change_type_id - - name: uiuser - using: - foreign_key_constraint_on: doku_admin - - name: uiuserByImportAdmin - using: - foreign_key_constraint_on: import_admin - - name: usr - using: - foreign_key_constraint_on: new_user_id - - name: usrByOldUserId - using: - foreign_key_constraint_on: old_user_id - table: - name: changelog_user - schema: public -- insert_permissions: - - permission: - backend_only: false - check: - config_user: - _eq: X-Hasura-User-Id - columns: - - config_key - - config_value - - config_user - role: auditor - - permission: - check: - _or: - - config_user: - _eq: X-Hasura-User-Id - - config_user: - _eq: 0 - columns: - - config_key - - config_value - - config_user - role: recertifier - - permission: - backend_only: false - check: - config_user: - _eq: X-Hasura-User-Id - columns: - - config_user - - config_key - - config_value - role: reporter - - permission: - backend_only: false - check: - config_user: - _eq: X-Hasura-User-Id - columns: - - config_user - - config_key - - config_value - role: reporter-viewall - object_relationships: - - name: uiuser - using: - foreign_key_constraint_on: config_user - select_permissions: - - permission: - columns: - - config_key - - config_value - - config_user - filter: - config_user: - _eq: 0 - role: anonymous - - permission: - columns: - - config_user - - config_key - - config_value - 
filter: {} - role: auditor - - permission: - columns: - - config_key - - config_value - - config_user - filter: {} - role: middleware-server - - permission: - columns: - - config_key - - config_value - - config_user - filter: - _or: - - config_user: - _eq: X-Hasura-User-Id - - config_user: - _eq: 0 - role: recertifier - - permission: - columns: - - config_key - - config_value - - config_user - filter: - _or: - - config_user: - _eq: X-Hasura-User-Id - - config_user: - _eq: 0 - role: reporter - - permission: - columns: - - config_user - - config_key - - config_value - filter: - _or: - - config_user: - _eq: X-Hasura-User-Id - - config_user: - _eq: 0 - role: reporter-viewall - table: - name: config - schema: public - update_permissions: - - permission: - check: null - columns: - - config_user - - config_key - - config_value - filter: - config_user: - _eq: X-Hasura-User-Id - role: auditor - - permission: - check: null - columns: - - config_key - - config_value - - config_user - filter: - _or: - - config_user: - _eq: X-Hasura-User-Id - - config_user: - _eq: 0 - role: recertifier - - permission: - check: null - columns: - - config_value - filter: - config_user: - _eq: X-Hasura-User-Id - role: reporter - - permission: - check: null - columns: - - config_value - filter: - config_user: - _eq: X-Hasura-User-Id - role: reporter-viewall -- array_relationships: - - name: changelog_rules - using: - foreign_key_constraint_on: - column: dev_id - table: - name: changelog_rule - schema: public - - name: objects - using: - foreign_key_constraint_on: - column: obj_nat_install - table: - name: object - schema: public - - name: rule_metadata - using: - foreign_key_constraint_on: - column: dev_id - table: - name: rule_metadata - schema: public - - name: rules - using: - foreign_key_constraint_on: - column: dev_id - table: - name: rule - schema: public - - name: tenant_to_devices - using: - foreign_key_constraint_on: - column: device_id - table: - name: tenant_to_device - schema: public - 
object_relationships: - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: stm_dev_typ - using: - foreign_key_constraint_on: dev_typ_id - - name: tenant - using: - foreign_key_constraint_on: tenant_id - select_permissions: - - permission: - columns: - - dev_id - - mgm_id - - dev_name - - dev_rulebase - - dev_typ_id - - tenant_id - - dev_active - - dev_comment - - dev_create - - dev_update - - do_not_import - - clearing_import_ran - - force_initial_import - - hide_in_gui - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - dev_id - - mgm_id - - dev_name - - dev_rulebase - - dev_typ_id - - tenant_id - - dev_active - - dev_comment - - dev_create - - dev_update - - do_not_import - - clearing_import_ran - - force_initial_import - - hide_in_gui - filter: - _and: - - mgm_id: - _in: x-hasura-visible-managements - - dev_id: - _in: x-hasura-visible-devices - role: recertifier - - permission: - allow_aggregations: true - columns: - - dev_id - - mgm_id - - dev_name - - dev_rulebase - - dev_typ_id - - tenant_id - - dev_active - - dev_comment - - dev_create - - dev_update - - do_not_import - - clearing_import_ran - - force_initial_import - - hide_in_gui - filter: - _and: - - mgm_id: - _in: x-hasura-visible-managements - - dev_id: - _in: x-hasura-visible-devices - role: reporter - - permission: - columns: - - dev_id - - mgm_id - - dev_name - - dev_rulebase - - dev_typ_id - - tenant_id - - dev_active - - dev_comment - - dev_create - - dev_update - - do_not_import - - clearing_import_ran - - force_initial_import - - hide_in_gui - filter: {} - role: reporter-viewall - table: - name: device - schema: public -- delete_permissions: - - permission: - filter: {} - role: middleware-server - insert_permissions: - - permission: - backend_only: false - check: {} - columns: - - id - - name - role: middleware-server - select_permissions: - - permission: - columns: - - id - - name - filter: {} - role: auditor - - permission: - columns: - 
- id - - name - filter: {} - role: middleware-server - table: - name: device_type - schema: public - update_permissions: - - permission: - check: null - columns: - - id - - name - filter: {} - role: middleware-server -- array_relationships: - - name: error_logs - using: - foreign_key_constraint_on: - column: error_id - table: - name: error_log - schema: public - table: - name: error - schema: public -- object_relationships: - - name: error - using: - foreign_key_constraint_on: error_id - table: - name: error_log - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: control_id - table: - name: import_changelog - schema: public -- array_relationships: - - name: changelog_objects - using: - foreign_key_constraint_on: - column: control_id - table: - name: changelog_object - schema: public - - name: changelog_rules - using: - foreign_key_constraint_on: - column: control_id - table: - name: changelog_rule - schema: public - - name: changelog_services - using: - foreign_key_constraint_on: - column: control_id - table: - name: changelog_service - schema: public - - name: changelog_users - using: - foreign_key_constraint_on: - column: control_id - table: - name: changelog_user - schema: public - - name: import_changelogs - using: - foreign_key_constraint_on: - column: control_id - table: - name: import_changelog - schema: public - - name: import_objects - using: - foreign_key_constraint_on: - column: control_id - table: - name: import_object - schema: public - - name: import_rules - using: - foreign_key_constraint_on: - column: control_id - table: - name: import_rule - schema: public - - name: import_services - using: - foreign_key_constraint_on: - column: control_id - table: - name: import_service - schema: public - - name: import_users - using: - foreign_key_constraint_on: - column: control_id - table: - name: import_user - schema: public - - name: import_zones - using: - foreign_key_constraint_on: - column: control_id - 
table: - name: import_zone - schema: public - - name: objects - using: - foreign_key_constraint_on: - column: obj_create - table: - name: object - schema: public - - name: objectsByObjLastSeen - using: - foreign_key_constraint_on: - column: obj_last_seen - table: - name: object - schema: public - - name: objgrp_flats - using: - foreign_key_constraint_on: - column: import_created - table: - name: objgrp_flat - schema: public - - name: objgrpFlatsByImportLastSeen - using: - foreign_key_constraint_on: - column: import_last_seen - table: - name: objgrp_flat - schema: public - - name: objgrps - using: - foreign_key_constraint_on: - column: import_created - table: - name: objgrp - schema: public - - name: objgrpsByImportLastSeen - using: - foreign_key_constraint_on: - column: import_last_seen - table: - name: objgrp - schema: public - - name: rule_froms - using: - foreign_key_constraint_on: - column: rf_create - table: - name: rule_from - schema: public - - name: ruleFromsByRfLastSeen - using: - foreign_key_constraint_on: - column: rf_last_seen - table: - name: rule_from - schema: public - - name: rule_nwobj_resolveds - using: - foreign_key_constraint_on: - column: created - table: - name: rule_nwobj_resolved - schema: public - - name: ruleNwobjResolvedsByRemoved - using: - foreign_key_constraint_on: - column: removed - table: - name: rule_nwobj_resolved - schema: public - - name: rules - using: - foreign_key_constraint_on: - column: rule_create - table: - name: rule - schema: public - - name: rulesByRuleLastSeen - using: - foreign_key_constraint_on: - column: rule_last_seen - table: - name: rule - schema: public - - name: rule_services - using: - foreign_key_constraint_on: - column: rs_create - table: - name: rule_service - schema: public - - name: ruleServicesByRsLastSeen - using: - foreign_key_constraint_on: - column: rs_last_seen - table: - name: rule_service - schema: public - - name: rule_svc_resolveds - using: - foreign_key_constraint_on: - column: created - 
table: - name: rule_svc_resolved - schema: public - - name: ruleSvcResolvedsByRemoved - using: - foreign_key_constraint_on: - column: removed - table: - name: rule_svc_resolved - schema: public - - name: rule_tos - using: - foreign_key_constraint_on: - column: rt_create - table: - name: rule_to - schema: public - - name: ruleTosByRtLastSeen - using: - foreign_key_constraint_on: - column: rt_last_seen - table: - name: rule_to - schema: public - - name: rule_user_resolveds - using: - foreign_key_constraint_on: - column: created - table: - name: rule_user_resolved - schema: public - - name: ruleUserResolvedsByRemoved - using: - foreign_key_constraint_on: - column: removed - table: - name: rule_user_resolved - schema: public - - name: services - using: - foreign_key_constraint_on: - column: svc_create - table: - name: service - schema: public - - name: servicesBySvcLastSeen - using: - foreign_key_constraint_on: - column: svc_last_seen - table: - name: service - schema: public - - name: svcgrp_flats - using: - foreign_key_constraint_on: - column: import_created - table: - name: svcgrp_flat - schema: public - - name: svcgrpFlatsByImportLastSeen - using: - foreign_key_constraint_on: - column: import_last_seen - table: - name: svcgrp_flat - schema: public - - name: svcgrps - using: - foreign_key_constraint_on: - column: import_created - table: - name: svcgrp - schema: public - - name: svcgrpsByImportLastSeen - using: - foreign_key_constraint_on: - column: import_last_seen - table: - name: svcgrp - schema: public - - name: usergrp_flats - using: - foreign_key_constraint_on: - column: import_created - table: - name: usergrp_flat - schema: public - - name: usergrpFlatsByImportLastSeen - using: - foreign_key_constraint_on: - column: import_last_seen - table: - name: usergrp_flat - schema: public - - name: usergrps - using: - foreign_key_constraint_on: - column: import_created - table: - name: usergrp - schema: public - - name: usergrpsByImportLastSeen - using: - 
foreign_key_constraint_on: - column: import_last_seen - table: - name: usergrp - schema: public - - name: usrs - using: - foreign_key_constraint_on: - column: user_create - table: - name: usr - schema: public - - name: usrsByUserLastSeen - using: - foreign_key_constraint_on: - column: user_last_seen - table: - name: usr - schema: public - - name: zones - using: - foreign_key_constraint_on: - column: zone_create - table: - name: zone - schema: public - - name: zonesByZoneLastSeen - using: - foreign_key_constraint_on: - column: zone_last_seen - table: - name: zone - schema: public - object_relationships: - - name: management - using: - foreign_key_constraint_on: mgm_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - control_id - - start_time - - stop_time - - is_initial_import - - delimiter_group - - delimiter_zone - - delimiter_user - - delimiter_list - - mgm_id - - last_change_in_config - - successful_import - - changes_found - - import_errors - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - changes_found - - is_initial_import - - successful_import - - mgm_id - - control_id - - last_change_in_config - - start_time - - stop_time - - delimiter_group - - delimiter_list - - delimiter_user - - delimiter_zone - - import_errors - filter: - mgm_id: - _in: x-hasura-visible-managements - role: recertifier - - permission: - allow_aggregations: true - columns: - - changes_found - - is_initial_import - - successful_import - - mgm_id - - control_id - - last_change_in_config - - start_time - - stop_time - - delimiter_group - - delimiter_list - - delimiter_user - - delimiter_zone - - import_errors - filter: - mgm_id: - _in: x-hasura-visible-managements - role: reporter - - permission: - allow_aggregations: true - columns: - - control_id - - start_time - - stop_time - - is_initial_import - - delimiter_group - - delimiter_zone - - delimiter_user - - delimiter_list - - mgm_id - - last_change_in_config - - 
successful_import - - changes_found - - import_errors - filter: {} - role: reporter-viewall - table: - name: import_control - schema: public -- insert_permissions: - - permission: - backend_only: false - check: {} - columns: - - obj_id - - obj_zone - - obj_name - - obj_typ - - obj_member_names - - obj_member_refs - - obj_member_excludes - - obj_sw - - obj_ip - - obj_ip_end - - obj_color - - obj_comment - - obj_location - - control_id - - obj_uid - - last_change_admin - - last_change_time - - obj_scope - role: importer - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: control_id - table: - name: import_object - schema: public -- insert_permissions: - - permission: - backend_only: false - check: {} - columns: - - control_id - - rule_id - - rulebase_name - - rule_num - - rule_uid - - rule_ruleid - - rule_name - - rule_sysid - - rule_disabled - - rule_src_neg - - rule_dst_neg - - rule_svc_neg - - rule_implied - - rule_src - - rule_dst - - rule_from_zone - - rule_to_zone - - rule_svc - - rule_action - - rule_track - - rule_installon - - rule_time - - rule_comment - - rule_head_text - - last_change_admin - - last_change_time - - rule_scope - - rule_src_refs - - rule_dst_refs - - rule_svc_refs - role: importer - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: control_id - table: - name: import_rule - schema: public -- insert_permissions: - - permission: - check: {} - columns: - - svc_id - - control_id - - svc_typ - - svc_name - - svc_comment - - svc_color - - ip_proto - - svc_prod_specific - - rpc_nr - - svc_uid - - svc_port - - svc_port_end - - svc_source_port - - svc_source_port_end - - svc_timeout_std - - svc_timeout - - svc_member_names - - svc_member_refs - - last_change_admin - - last_change_time - - svc_scope - role: importer - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: control_id - table: - name: import_service - schema: public -- insert_permissions: 
- - permission: - backend_only: false - check: {} - columns: - - user_id - - control_id - - user_color - - user_name - - user_typ - - user_comment - - user_authmethod - - user_valid_from - - user_valid_until - - user_member_names - - user_member_refs - - user_uid - - user_firstname - - user_lastname - - src_restrict - - dst_restrict - - time_restrict - - last_change_admin - - last_change_time - - user_scope - role: importer - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: control_id - table: - name: import_user - schema: public -- insert_permissions: - - permission: - backend_only: false - check: {} - columns: - - control_id - - zone_name - - last_change_time - role: importer - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: control_id - table: - name: import_zone - schema: public -- array_relationships: - - name: txts - using: - foreign_key_constraint_on: - column: language - table: - name: txt - schema: public - - name: uiusers - using: - foreign_key_constraint_on: - column: uiuser_language - table: - name: uiuser - schema: public - select_permissions: - - permission: - allow_aggregations: true - columns: - - name - - culture_info - filter: {} - role: anonymous - - permission: - columns: - - culture_info - - name - filter: {} - role: auditor - table: - name: language - schema: public -- array_relationships: - - name: uiusers - using: - foreign_key_constraint_on: - column: ldap_connection_id - table: - name: uiuser - schema: public - object_relationships: - - name: tenant - using: - foreign_key_constraint_on: tenant_id - select_permissions: - - permission: - columns: - - ldap_connection_id - - ldap_name - - ldap_pattern_length - - ldap_port - - ldap_search_user - - ldap_search_user_pwd - - ldap_searchpath_for_groups - - ldap_searchpath_for_roles - - ldap_searchpath_for_users - - ldap_server - - ldap_tenant_level - - ldap_tls - - ldap_type - - ldap_write_user - - ldap_write_user_pwd - - 
tenant_id - filter: {} - role: auditor - - permission: - columns: - - ldap_connection_id - - ldap_name - - ldap_pattern_length - - ldap_port - - ldap_search_user - - ldap_search_user_pwd - - ldap_searchpath_for_groups - - ldap_searchpath_for_roles - - ldap_searchpath_for_users - - ldap_server - - ldap_tenant_level - - ldap_tls - - ldap_type - - ldap_write_user - - ldap_write_user_pwd - - tenant_id - filter: {} - role: middleware-server - table: - name: ldap_connection - schema: public -- array_relationships: - - name: changelog_objects - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: changelog_object - schema: public - - name: changelog_rules - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: changelog_rule - schema: public - - name: changelog_services - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: changelog_service - schema: public - - name: changelog_users - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: changelog_user - schema: public - - name: devices - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: device - schema: public - - name: import_controls - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: import_control - schema: public - - name: objects - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: object - schema: public - - name: rule_nwobj_resolveds - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: rule_nwobj_resolved - schema: public - - name: rules - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: rule - schema: public - - name: rule_svc_resolveds - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: rule_svc_resolved - schema: public - - name: rule_user_resolveds - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: rule_user_resolved - schema: public - - name: services - using: - foreign_key_constraint_on: - column: mgm_id 
- table: - name: service - schema: public - - name: usrs - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: usr - schema: public - - name: zones - using: - foreign_key_constraint_on: - column: mgm_id - table: - name: zone - schema: public - object_relationships: - - name: stm_dev_typ - using: - foreign_key_constraint_on: dev_typ_id - - name: tenant - using: - foreign_key_constraint_on: tenant_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - mgm_id - - dev_typ_id - - mgm_name - - mgm_comment - - tenant_id - - mgm_create - - mgm_update - - ssh_public_key - - ssh_private_key - - ssh_hostname - - ssh_port - - ssh_user - - last_import_md5_complete_config - - last_import_md5_rules - - last_import_md5_objects - - last_import_md5_users - - do_not_import - - clearing_import_ran - - force_initial_import - - config_path - - hide_in_gui - - importer_hostname - - debug_level - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - clearing_import_ran - - tenant_id - - config_path - - dev_typ_id - - do_not_import - - force_initial_import - - hide_in_gui - - importer_hostname - - mgm_comment - - mgm_create - - mgm_id - - mgm_name - - mgm_update - filter: - mgm_id: - _in: x-hasura-visible-managements - role: recertifier - - permission: - allow_aggregations: true - columns: - - clearing_import_ran - - tenant_id - - config_path - - dev_typ_id - - do_not_import - - force_initial_import - - hide_in_gui - - importer_hostname - - mgm_comment - - mgm_create - - mgm_id - - mgm_name - - mgm_update - filter: - mgm_id: - _in: x-hasura-visible-managements - role: reporter - - permission: - allow_aggregations: true - columns: - - mgm_id - - dev_typ_id - - mgm_name - - mgm_comment - - tenant_id - - mgm_create - - mgm_update - - ssh_public_key - - ssh_private_key - - ssh_hostname - - ssh_port - - ssh_user - - last_import_md5_complete_config - - last_import_md5_rules - - last_import_md5_objects - - 
last_import_md5_users - - do_not_import - - clearing_import_ran - - force_initial_import - - config_path - - hide_in_gui - - importer_hostname - filter: {} - role: reporter-viewall - table: - name: management - schema: public -- array_relationships: - - name: changelog_objects - using: - foreign_key_constraint_on: - column: new_obj_id - table: - name: changelog_object - schema: public - - name: changelogObjectsByOldObjId - using: - foreign_key_constraint_on: - column: old_obj_id - table: - name: changelog_object - schema: public - - name: objgrp_flats - using: - foreign_key_constraint_on: - column: objgrp_flat_id - table: - name: objgrp_flat - schema: public - - name: objgrpFlatsByObjgrpFlatMemberId - using: - foreign_key_constraint_on: - column: objgrp_flat_member_id - table: - name: objgrp_flat - schema: public - - name: objgrps - using: - foreign_key_constraint_on: - column: objgrp_id - table: - name: objgrp - schema: public - - name: objgrpsByObjgrpMemberId - using: - foreign_key_constraint_on: - column: objgrp_member_id - table: - name: objgrp - schema: public - - name: rule_froms - using: - foreign_key_constraint_on: - column: obj_id - table: - name: rule_from - schema: public - - name: rule_nwobj_resolveds - using: - foreign_key_constraint_on: - column: obj_id - table: - name: rule_nwobj_resolved - schema: public - - name: rule_tos - using: - foreign_key_constraint_on: - column: obj_id - table: - name: rule_to - schema: public - - name: tenant_objects - using: - foreign_key_constraint_on: - column: obj_id - table: - name: tenant_object - schema: public - object_relationships: - - name: device - using: - foreign_key_constraint_on: obj_nat_install - - name: import_control - using: - foreign_key_constraint_on: obj_create - - name: importControlByObjLastSeen - using: - foreign_key_constraint_on: obj_last_seen - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: stm_color - using: - foreign_key_constraint_on: obj_color_id - - name: 
stm_nattyp - using: - foreign_key_constraint_on: nattyp_id - - name: stm_obj_typ - using: - foreign_key_constraint_on: obj_typ_id - - name: uiuser - using: - foreign_key_constraint_on: last_change_admin - - name: zone - using: - foreign_key_constraint_on: zone_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - obj_id - - last_change_admin - - zone_id - - mgm_id - - obj_name - - obj_comment - - obj_uid - - obj_typ_id - - obj_location - - obj_member_names - - obj_member_refs - - initial_config - - obj_sw - - obj_ip - - obj_ip_end - - obj_nat - - nattyp_id - - obj_nat_ip - - obj_nat_ip_end - - obj_nat_install - - obj_color_id - - obj_sys_name - - obj_sys_location - - obj_sys_contact - - obj_sys_desc - - obj_sys_readcom - - obj_sys_writecom - - active - - obj_create - - obj_last_seen - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - obj_id - - last_change_admin - - zone_id - - mgm_id - - obj_name - - obj_comment - - obj_uid - - obj_typ_id - - obj_location - - obj_member_names - - obj_member_refs - - initial_config - - obj_sw - - obj_ip - - obj_ip_end - - obj_nat - - nattyp_id - - obj_nat_ip - - obj_nat_ip_end - - obj_nat_install - - obj_color_id - - obj_sys_name - - obj_sys_location - - obj_sys_contact - - obj_sys_desc - - obj_sys_readcom - - obj_sys_writecom - - active - - obj_create - - obj_last_seen - filter: - mgm_id: - _in: x-hasura-visible-managements - role: recertifier - - permission: - allow_aggregations: true - columns: - - obj_id - - last_change_admin - - zone_id - - mgm_id - - obj_name - - obj_comment - - obj_uid - - obj_typ_id - - obj_location - - obj_member_names - - obj_member_refs - - initial_config - - obj_sw - - obj_ip - - obj_ip_end - - obj_nat - - nattyp_id - - obj_nat_ip - - obj_nat_ip_end - - obj_nat_install - - obj_color_id - - obj_sys_name - - obj_sys_location - - obj_sys_contact - - obj_sys_desc - - obj_sys_readcom - - obj_sys_writecom - - active - - obj_create - - 
obj_last_seen - filter: - mgm_id: - _in: x-hasura-visible-managements - role: reporter - - permission: - allow_aggregations: true - columns: - - obj_id - - last_change_admin - - zone_id - - mgm_id - - obj_name - - obj_comment - - obj_uid - - obj_typ_id - - obj_location - - obj_member_names - - obj_member_refs - - initial_config - - obj_sw - - obj_ip - - obj_ip_end - - obj_nat - - nattyp_id - - obj_nat_ip - - obj_nat_ip_end - - obj_nat_install - - obj_color_id - - obj_sys_name - - obj_sys_location - - obj_sys_contact - - obj_sys_desc - - obj_sys_readcom - - obj_sys_writecom - - active - - obj_create - - obj_last_seen - filter: {} - role: reporter-viewall - table: - name: object - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: import_created - - name: importControlByImportLastSeen - using: - foreign_key_constraint_on: import_last_seen - - name: object - using: - foreign_key_constraint_on: objgrp_id - - name: objectByObjgrpMemberId - using: - foreign_key_constraint_on: objgrp_member_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - objgrp_id - - objgrp_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - objgrp_id - - objgrp_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - objgrp_id - - objgrp_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: reporter - - permission: - columns: - - objgrp_id - - objgrp_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: reporter-viewall - table: - name: objgrp - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: import_created - - name: importControlByImportLastSeen - using: - 
foreign_key_constraint_on: import_last_seen - - name: object - using: - foreign_key_constraint_on: objgrp_flat_id - - name: objectByObjgrpFlatMemberId - using: - foreign_key_constraint_on: objgrp_flat_member_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - objgrp_flat_id - - objgrp_flat_member_id - - active - - import_created - - import_last_seen - - negated - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - objgrp_flat_id - - objgrp_flat_member_id - - active - - import_created - - import_last_seen - - negated - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - objgrp_flat_id - - objgrp_flat_member_id - - active - - import_created - - import_last_seen - - negated - filter: {} - role: reporter - - permission: - columns: - - objgrp_flat_id - - objgrp_flat_member_id - - active - - import_created - - import_last_seen - - negated - filter: {} - role: reporter-viewall - table: - name: objgrp_flat - schema: public -- array_relationships: - - name: rules - using: - foreign_key_constraint_on: - column: parent_rule_type - table: - name: rule - schema: public - select_permissions: - - permission: - columns: - - id - - name - filter: {} - role: auditor - - permission: - columns: - - id - - name - filter: {} - role: importer - - permission: - allow_aggregations: true - columns: - - id - - name - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - id - - name - filter: {} - role: reporter - - permission: - allow_aggregations: true - columns: - - id - - name - filter: {} - role: reporter-viewall - table: - name: parent_rule_type - schema: public -- delete_permissions: - - permission: - filter: - report_owner_id: - _eq: X-Hasura-User-Id - role: auditor - - permission: - filter: - report_owner_id: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - filter: - report_owner_id: - _eq: X-Hasura-User-Id - role: reporter - - 
permission: - filter: - report_owner_id: - _eq: X-Hasura-User-Id - role: reporter-viewall - insert_permissions: - - permission: - backend_only: false - check: {} - columns: - - report_id - - report_template_id - - report_start_time - - report_end_time - - report_json - - report_pdf - - report_csv - - report_html - - report_name - - report_owner_id - - tenant_wide_visible - role: auditor - - permission: - backend_only: false - check: {} - columns: - - report_id - - report_template_id - - report_start_time - - report_end_time - - report_json - - report_pdf - - report_csv - - report_html - - report_name - - report_owner_id - - tenant_wide_visible - role: middleware-server - - permission: - backend_only: false - check: {} - columns: - - report_id - - report_template_id - - report_start_time - - report_end_time - - report_json - - report_pdf - - report_csv - - report_html - - report_name - - report_owner_id - - tenant_wide_visible - role: recertifier - - permission: - backend_only: false - check: {} - columns: - - report_id - - report_template_id - - report_start_time - - report_end_time - - report_json - - report_pdf - - report_csv - - report_html - - report_name - - report_owner_id - - tenant_wide_visible - role: reporter - - permission: - backend_only: false - check: {} - columns: - - report_id - - report_template_id - - report_start_time - - report_end_time - - report_json - - report_pdf - - report_csv - - report_html - - report_name - - report_owner_id - - tenant_wide_visible - role: reporter-viewall - object_relationships: - - name: report_template - using: - foreign_key_constraint_on: report_template_id - - name: tenant - using: - foreign_key_constraint_on: tenant_wide_visible - - name: uiuser - using: - foreign_key_constraint_on: report_owner_id - select_permissions: - - permission: - columns: - - report_id - - report_template_id - - report_start_time - - report_end_time - - report_json - - report_pdf - - report_csv - - report_html - - report_name - - 
report_owner_id - - tenant_wide_visible - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - report_pdf - - report_owner_id - - report_template_id - - tenant_wide_visible - - report_id - - report_json - - report_csv - - report_html - - report_end_time - - report_start_time - - report_name - filter: - report_owner_id: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - allow_aggregations: true - columns: - - report_pdf - - report_owner_id - - report_template_id - - tenant_wide_visible - - report_id - - report_json - - report_csv - - report_html - - report_end_time - - report_start_time - - report_name - filter: - report_owner_id: - _eq: X-Hasura-User-Id - role: reporter - - permission: - allow_aggregations: true - columns: - - report_pdf - - report_owner_id - - report_template_id - - tenant_wide_visible - - report_id - - report_json - - report_csv - - report_html - - report_end_time - - report_start_time - - report_name - filter: - report_owner_id: - _eq: X-Hasura-User-Id - role: reporter-viewall - table: - name: report - schema: public - update_permissions: - - permission: - check: null - columns: - - report_owner_id - - report_template_id - - tenant_wide_visible - - report_id - - report_json - - report_csv - - report_html - - report_pdf - - report_end_time - - report_start_time - - report_name - filter: - report_owner_id: - _eq: X-Hasura-User-Id - role: auditor - - permission: - check: null - columns: - - report_pdf - - report_owner_id - - report_template_id - - tenant_wide_visible - - report_id - - report_json - - report_csv - - report_html - - report_end_time - - report_start_time - - report_name - filter: - report_owner_id: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - check: null - columns: - - report_pdf - - report_owner_id - - report_template_id - - tenant_wide_visible - - report_id - - report_json - - report_csv - - report_html - - report_end_time - - report_start_time - - report_name - filter: - 
report_owner_id: - _eq: X-Hasura-User-Id - role: reporter - - permission: - check: null - columns: - - report_pdf - - report_owner_id - - report_template_id - - tenant_wide_visible - - report_id - - report_json - - report_csv - - report_html - - report_end_time - - report_start_time - - report_name - filter: - report_owner_id: - _eq: X-Hasura-User-Id - role: reporter-viewall -- array_relationships: - - name: report_schedule_formats - using: - foreign_key_constraint_on: - column: report_schedule_format_name - table: - name: report_schedule_format - schema: public - select_permissions: - - permission: - columns: - - report_format_name - filter: {} - role: auditor - - permission: - columns: - - report_format_name - filter: {} - role: middleware-server - - permission: - columns: - - report_format_name - filter: {} - role: recertifier - - permission: - columns: - - report_format_name - filter: {} - role: reporter - - permission: - columns: - - report_format_name - filter: {} - role: reporter-viewall - table: - name: report_format - schema: public -- array_relationships: - - name: report_schedule_formats - using: - foreign_key_constraint_on: - column: report_schedule_id - table: - name: report_schedule_format - schema: public - delete_permissions: - - permission: - filter: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: auditor - - permission: - filter: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - filter: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter - - permission: - filter: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter-viewall - insert_permissions: - - permission: - backend_only: false - check: {} - columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - report_schedule_repeat - - report_schedule_start_time - - report_template_id - role: auditor - - permission: - backend_only: false - check: {} - 
columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - report_schedule_repeat - - report_schedule_repetitions - - report_schedule_start_time - - report_template_id - role: recertifier - - permission: - backend_only: false - check: {} - columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - report_schedule_repeat - - report_schedule_repetitions - - report_schedule_start_time - - report_template_id - role: reporter - - permission: - backend_only: false - check: {} - columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - report_schedule_repeat - - report_schedule_repetitions - - report_schedule_start_time - - report_template_id - role: reporter-viewall - object_relationships: - - name: report_template - using: - foreign_key_constraint_on: report_template_id - - name: uiuser - using: - foreign_key_constraint_on: report_schedule_owner - select_permissions: - - permission: - columns: - - report_schedule_id - - report_schedule_name - - report_template_id - - report_schedule_owner - - report_schedule_start_time - - report_schedule_repeat - - report_schedule_every - - report_schedule_active - - report_schedule_repetitions - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - report_schedule_id - - report_schedule_name - - report_template_id - - report_schedule_owner - - report_schedule_start_time - - report_schedule_repeat - - report_schedule_every - - report_schedule_active - - report_schedule_repetitions - filter: {} - role: middleware-server - - permission: - columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - report_schedule_repeat - - report_schedule_repetitions - - report_schedule_start_time - - 
report_template_id - filter: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - report_schedule_repeat - - report_schedule_repetitions - - report_schedule_start_time - - report_template_id - filter: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter - - permission: - columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - report_schedule_repeat - - report_schedule_repetitions - - report_schedule_start_time - - report_template_id - filter: - _or: - - report_schedule_owner: - _eq: X-Hasura-User-Id - - _exists: - _table: - name: report_template_viewable_by_user - schema: public - _where: - uiuser_id: - _eq: X-Hasura-User-Id - - _exists: - _table: - name: report_template_viewable_by_tenant - schema: public - _where: - tenant_id: - _eq: X-Hasura-Tenant-Id - role: reporter-viewall - table: - name: report_schedule - schema: public - update_permissions: - - permission: - check: null - columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - report_schedule_repeat - - report_schedule_start_time - - report_template_id - filter: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: auditor - - permission: - check: null - columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - report_schedule_repeat - - report_schedule_repetitions - - report_schedule_start_time - - report_template_id - filter: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - check: null - columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - 
report_schedule_repeat - - report_schedule_repetitions - - report_schedule_start_time - - report_template_id - filter: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter - - permission: - check: null - columns: - - report_schedule_active - - report_schedule_every - - report_schedule_id - - report_schedule_name - - report_schedule_owner - - report_schedule_repeat - - report_schedule_repetitions - - report_schedule_start_time - - report_template_id - filter: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter-viewall -- delete_permissions: - - permission: - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: auditor - - permission: - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter - - permission: - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter-viewall - insert_permissions: - - permission: - backend_only: false - check: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - columns: - - report_schedule_format_name - - report_schedule_id - role: auditor - - permission: - backend_only: false - check: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - columns: - - report_schedule_format_name - - report_schedule_id - role: recertifier - - permission: - backend_only: false - check: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - columns: - - report_schedule_format_name - - report_schedule_id - role: reporter - - permission: - backend_only: false - check: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - columns: - - report_schedule_format_name - - report_schedule_id - role: reporter-viewall - object_relationships: - - name: report_format - using: - foreign_key_constraint_on: report_schedule_format_name - - name: report_schedule - using: 
- foreign_key_constraint_on: report_schedule_id - select_permissions: - - permission: - columns: - - report_schedule_format_name - - report_schedule_id - filter: {} - role: auditor - - permission: - columns: - - report_schedule_format_name - - report_schedule_id - filter: {} - role: middleware-server - - permission: - columns: - - report_schedule_format_name - - report_schedule_id - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - columns: - - report_schedule_format_name - - report_schedule_id - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter - - permission: - columns: - - report_schedule_format_name - - report_schedule_id - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter-viewall - table: - name: report_schedule_format - schema: public - update_permissions: - - permission: - check: null - columns: - - report_schedule_id - - report_schedule_format_name - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: auditor - - permission: - check: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - columns: - - report_schedule_format_name - - report_schedule_id - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - check: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - columns: - - report_schedule_format_name - - report_schedule_id - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter - - permission: - check: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - columns: - - report_schedule_format_name - - report_schedule_id - filter: - report_schedule: - report_schedule_owner: - _eq: X-Hasura-User-Id - role: reporter-viewall -- array_relationships: - - name: reports - using: - foreign_key_constraint_on: - column: report_template_id - 
table: - name: report - schema: public - - name: report_schedules - using: - foreign_key_constraint_on: - column: report_template_id - table: - name: report_schedule - schema: public - - name: report_template_viewable_by_tenants - using: - foreign_key_constraint_on: - column: report_template_id - table: - name: report_template_viewable_by_tenant - schema: public - - name: report_template_viewable_by_users - using: - foreign_key_constraint_on: - column: report_template_id - table: - name: report_template_viewable_by_user - schema: public - delete_permissions: - - permission: - filter: - report_template_owner: - _eq: X-Hasura-User-Id - role: auditor - - permission: - filter: - report_template_owner: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - filter: - report_template_owner: - _eq: X-Hasura-User-Id - role: reporter - - permission: - filter: - report_template_owner: - _eq: X-Hasura-User-Id - role: reporter-viewall - insert_permissions: - - permission: - backend_only: false - check: {} - columns: - - report_template_id - - report_filter - - report_template_name - - report_template_comment - - report_template_create - - report_template_owner - - filterline_history - role: auditor - - permission: - backend_only: false - check: {} - columns: - - report_template_id - - report_filter - - report_template_name - - report_template_comment - - report_template_create - - report_template_owner - - filterline_history - role: recertifier - - permission: - backend_only: false - check: {} - columns: - - report_template_id - - report_filter - - report_template_name - - report_template_comment - - report_template_create - - report_template_owner - - filterline_history - role: reporter - - permission: - backend_only: false - check: {} - columns: - - report_template_id - - report_filter - - report_template_name - - report_template_comment - - report_template_create - - report_template_owner - - filterline_history - role: reporter-viewall - object_relationships: - - 
name: uiuser - using: - foreign_key_constraint_on: report_template_owner - select_permissions: - - permission: - columns: - - report_template_id - - report_filter - - report_template_name - - report_template_comment - - report_template_create - - report_template_owner - - filterline_history - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - report_template_id - - report_filter - - report_template_name - - report_template_comment - - report_template_create - - report_template_owner - - filterline_history - filter: {} - role: middleware-server - - permission: - columns: - - filterline_history - - report_template_id - - report_template_owner - - report_template_comment - - report_template_create - - report_filter - - report_template_name - filter: - _or: - - report_template_owner: - _eq: 0 - - report_template_owner: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - columns: - - filterline_history - - report_template_id - - report_template_owner - - report_template_comment - - report_template_create - - report_filter - - report_template_name - filter: - _or: - - report_template_owner: - _eq: 0 - - report_template_owner: - _eq: X-Hasura-User-Id - role: reporter - - permission: - columns: - - filterline_history - - report_template_id - - report_template_owner - - report_template_comment - - report_template_create - - report_filter - - report_template_name - filter: - _or: - - report_template_owner: - _eq: 0 - - report_template_owner: - _eq: X-Hasura-User-Id - role: reporter-viewall - table: - name: report_template - schema: public - update_permissions: - - permission: - check: null - columns: - - filterline_history - - report_template_id - - report_template_owner - - report_template_comment - - report_template_create - - report_filter - - report_template_name - filter: - report_template_owner: - _eq: X-Hasura-User-Id - role: auditor - - permission: - check: null - columns: - - filterline_history - - report_template_id - - 
report_template_owner - - report_template_comment - - report_template_create - - report_filter - - report_template_name - filter: - report_template_owner: - _eq: X-Hasura-User-Id - role: recertifier - - permission: - check: null - columns: - - filterline_history - - report_template_id - - report_template_owner - - report_template_comment - - report_template_create - - report_filter - - report_template_name - filter: - report_template_owner: - _eq: X-Hasura-User-Id - role: reporter - - permission: - check: null - columns: - - filterline_history - - report_template_id - - report_template_owner - - report_template_comment - - report_template_create - - report_filter - - report_template_name - filter: - report_template_owner: - _eq: X-Hasura-User-Id - role: reporter-viewall -- object_relationships: - - name: report_template - using: - foreign_key_constraint_on: report_template_id - - name: tenant - using: - foreign_key_constraint_on: tenant_id - table: - name: report_template_viewable_by_tenant - schema: public -- object_relationships: - - name: report_template - using: - foreign_key_constraint_on: report_template_id - - name: uiuser - using: - foreign_key_constraint_on: uiuser_id - table: - name: report_template_viewable_by_user - schema: public -- array_relationships: - - name: request_object_changes - using: - foreign_key_constraint_on: - column: request_id - table: - name: request_object_change - schema: public - - name: request_rule_changes - using: - foreign_key_constraint_on: - column: request_id - table: - name: request_rule_change - schema: public - - name: request_service_changes - using: - foreign_key_constraint_on: - column: request_id - table: - name: request_service_change - schema: public - - name: request_user_changes - using: - foreign_key_constraint_on: - column: request_id - table: - name: request_user_change - schema: public - object_relationships: - - name: request_type - using: - foreign_key_constraint_on: request_type_id - - name: tenant - using: 
- foreign_key_constraint_on: tenant_id - table: - name: request - schema: public -- object_relationships: - - name: changelog_object - using: - foreign_key_constraint_on: log_obj_id - - name: request - using: - foreign_key_constraint_on: request_id - table: - name: request_object_change - schema: public -- object_relationships: - - name: changelog_rule - using: - foreign_key_constraint_on: log_rule_id - - name: request - using: - foreign_key_constraint_on: request_id - table: - name: request_rule_change - schema: public -- object_relationships: - - name: changelog_service - using: - foreign_key_constraint_on: log_svc_id - - name: request - using: - foreign_key_constraint_on: request_id - table: - name: request_service_change - schema: public -- array_relationships: - - name: requests - using: - foreign_key_constraint_on: - column: request_type_id - table: - name: request - schema: public - table: - name: request_type - schema: public -- object_relationships: - - name: changelog_user - using: - foreign_key_constraint_on: log_usr_id - - name: request - using: - foreign_key_constraint_on: request_id - table: - name: request_user_change - schema: public -- array_relationships: - - name: changelog_rules - using: - foreign_key_constraint_on: - column: new_rule_id - table: - name: changelog_rule - schema: public - - name: changelogRulesByOldRuleId - using: - foreign_key_constraint_on: - column: old_rule_id - table: - name: changelog_rule - schema: public - - name: rule_froms - using: - foreign_key_constraint_on: - column: rule_id - table: - name: rule_from - schema: public - - name: rule_nwobj_resolveds - using: - foreign_key_constraint_on: - column: rule_id - table: - name: rule_nwobj_resolved - schema: public - - name: rules - using: - foreign_key_constraint_on: - column: parent_rule_id - table: - name: rule - schema: public - - name: rule_services - using: - foreign_key_constraint_on: - column: rule_id - table: - name: rule_service - schema: public - - name: 
rule_svc_resolveds - using: - foreign_key_constraint_on: - column: rule_id - table: - name: rule_svc_resolved - schema: public - - name: rule_tos - using: - foreign_key_constraint_on: - column: rule_id - table: - name: rule_to - schema: public - - name: rule_user_resolveds - using: - foreign_key_constraint_on: - column: rule_id - table: - name: rule_user_resolved - schema: public - object_relationships: - - name: device - using: - foreign_key_constraint_on: dev_id - - name: import_control - using: - foreign_key_constraint_on: rule_create - - name: importControlByRuleLastSeen - using: - foreign_key_constraint_on: rule_last_seen - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: parentRuleTypeByParentRuleType - using: - foreign_key_constraint_on: parent_rule_type - - name: rule - using: - foreign_key_constraint_on: parent_rule_id - - name: rule_metadatum - using: - manual_configuration: - column_mapping: - dev_id: dev_id - rule_uid: rule_uid - remote_table: - name: rule_metadata - schema: public - - name: stm_action - using: - foreign_key_constraint_on: action_id - - name: stm_track - using: - foreign_key_constraint_on: track_id - - name: uiuser - using: - foreign_key_constraint_on: last_change_admin - - name: zone - using: - foreign_key_constraint_on: rule_from_zone - - name: zoneByRuleToZone - using: - foreign_key_constraint_on: rule_to_zone - select_permissions: - - permission: - allow_aggregations: true - columns: - - action_id - - active - - dev_id - - last_change_admin - - mgm_id - - parent_rule_id - - parent_rule_type - - rule_action - - rule_comment - - rule_create - - rule_disabled - - rule_dst - - rule_dst_neg - - rule_dst_refs - - rule_from_zone - - rule_head_text - - rule_id - - rule_implied - - rule_installon - - rule_last_seen - - rule_name - - rule_num - - rule_num_numeric - - rule_ruleid - - rule_src - - rule_src_neg - - rule_src_refs - - rule_svc - - rule_svc_neg - - rule_svc_refs - - rule_time - - rule_to_zone - - rule_track 
- - rule_uid - - track_id - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - action_id - - active - - dev_id - - last_change_admin - - mgm_id - - parent_rule_id - - parent_rule_type - - rule_action - - rule_comment - - rule_create - - rule_disabled - - rule_dst - - rule_dst_neg - - rule_dst_refs - - rule_from_zone - - rule_head_text - - rule_id - - rule_implied - - rule_installon - - rule_last_seen - - rule_name - - rule_num - - rule_num_numeric - - rule_ruleid - - rule_src - - rule_src_neg - - rule_src_refs - - rule_svc - - rule_svc_neg - - rule_svc_refs - - rule_time - - rule_to_zone - - rule_track - - rule_uid - - track_id - filter: - mgm_id: - _in: x-hasura-visible-managements - role: recertifier - - permission: - allow_aggregations: true - columns: - - action_id - - active - - dev_id - - last_change_admin - - mgm_id - - parent_rule_id - - parent_rule_type - - rule_action - - rule_comment - - rule_create - - rule_disabled - - rule_dst - - rule_dst_neg - - rule_dst_refs - - rule_from_zone - - rule_head_text - - rule_id - - rule_implied - - rule_installon - - rule_last_seen - - rule_name - - rule_num - - rule_num_numeric - - rule_ruleid - - rule_src - - rule_src_neg - - rule_src_refs - - rule_svc - - rule_svc_neg - - rule_svc_refs - - rule_time - - rule_to_zone - - rule_track - - rule_uid - - track_id - filter: - mgm_id: - _in: x-hasura-visible-managements - role: reporter - - permission: - allow_aggregations: true - columns: - - action_id - - active - - dev_id - - last_change_admin - - mgm_id - - parent_rule_id - - parent_rule_type - - rule_action - - rule_comment - - rule_create - - rule_disabled - - rule_dst - - rule_dst_neg - - rule_dst_refs - - rule_from_zone - - rule_head_text - - rule_id - - rule_implied - - rule_installon - - rule_last_seen - - rule_name - - rule_num - - rule_num_numeric - - rule_ruleid - - rule_src - - rule_src_neg - - rule_src_refs - - rule_svc - - rule_svc_neg - - rule_svc_refs - - rule_time - - 
rule_to_zone - - rule_track - - rule_uid - - track_id - filter: {} - role: reporter-viewall - table: - name: rule - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: rf_create - - name: importControlByRfLastSeen - using: - foreign_key_constraint_on: rf_last_seen - - name: object - using: - foreign_key_constraint_on: obj_id - - name: rule - using: - foreign_key_constraint_on: rule_id - - name: usr - using: - foreign_key_constraint_on: user_id - select_permissions: - - permission: - columns: - - rule_from_id - - rf_create - - rf_last_seen - - rule_id - - obj_id - - user_id - - active - - negated - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - rule_from_id - - rf_create - - rf_last_seen - - rule_id - - obj_id - - user_id - - active - - negated - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - rule_from_id - - rf_create - - rf_last_seen - - rule_id - - obj_id - - user_id - - active - - negated - filter: {} - role: reporter - - permission: - columns: - - rule_from_id - - rf_create - - rf_last_seen - - rule_id - - obj_id - - user_id - - active - - negated - filter: {} - role: reporter-viewall - table: - name: rule_from - schema: public -- array_relationships: - - name: rule_reviews - using: - foreign_key_constraint_on: - column: rule_metadata_id - table: - name: rule_review - schema: public - - name: rules - using: - manual_configuration: - column_mapping: - dev_id: dev_id - rule_uid: rule_uid - remote_table: - name: rule - schema: public - delete_permissions: - - permission: - filter: {} - role: importer - insert_permissions: - - permission: - backend_only: false - check: {} - columns: - - rule_to_be_removed - - dev_id - - last_change_admin - - rule_last_certifier - - rule_owner - - rule_hit_counter - - rule_metadata_id - - rule_uid - - rule_created - - rule_decert_date - - rule_first_hit - - rule_last_certified - - rule_last_hit - - 
rule_last_modified - - rule_last_certifier_dn - - rule_owner_dn - - rule_recertification_comment - role: importer - object_relationships: - - name: device - using: - foreign_key_constraint_on: dev_id - - name: uiuser - using: - foreign_key_constraint_on: rule_owner - - name: uiuserByRuleLastCertifier - using: - foreign_key_constraint_on: rule_last_certifier - select_permissions: - - permission: - allow_aggregations: true - columns: - - rule_metadata_id - - dev_id - - rule_uid - - rule_created - - rule_last_modified - - rule_first_hit - - rule_last_hit - - rule_hit_counter - - rule_last_certified - - rule_last_certifier - - rule_last_certifier_dn - - rule_owner - - rule_owner_dn - - rule_to_be_removed - - last_change_admin - - rule_decert_date - - rule_recertification_comment - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - rule_to_be_removed - - dev_id - - last_change_admin - - rule_last_certifier - - rule_owner - - rule_hit_counter - - rule_metadata_id - - rule_uid - - rule_created - - rule_decert_date - - rule_first_hit - - rule_last_certified - - rule_last_hit - - rule_last_modified - - rule_last_certifier_dn - - rule_owner_dn - - rule_recertification_comment - filter: {} - role: importer - - permission: - columns: - - rule_to_be_removed - - dev_id - - last_change_admin - - rule_last_certifier - - rule_owner - - rule_hit_counter - - rule_metadata_id - - rule_uid - - rule_created - - rule_decert_date - - rule_first_hit - - rule_last_certified - - rule_last_hit - - rule_last_modified - - rule_last_certifier_dn - - rule_owner_dn - - rule_recertification_comment - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - rule_metadata_id - - dev_id - - rule_uid - - rule_created - - rule_last_modified - - rule_first_hit - - rule_last_hit - - rule_hit_counter - - rule_last_certified - - rule_last_certifier - - rule_last_certifier_dn - - rule_owner - - rule_owner_dn - - rule_to_be_removed - - 
last_change_admin - - rule_decert_date - - rule_recertification_comment - filter: - dev_id: - _in: x-hasura-visible-devices - role: reporter - - permission: - allow_aggregations: true - columns: - - rule_to_be_removed - - dev_id - - last_change_admin - - rule_last_certifier - - rule_owner - - rule_hit_counter - - rule_metadata_id - - rule_uid - - rule_created - - rule_decert_date - - rule_first_hit - - rule_last_certified - - rule_last_hit - - rule_last_modified - - rule_last_certifier_dn - - rule_owner_dn - - rule_recertification_comment - filter: {} - role: reporter-viewall - table: - name: rule_metadata - schema: public - update_permissions: - - permission: - check: null - columns: - - rule_to_be_removed - - dev_id - - last_change_admin - - rule_last_certifier - - rule_owner - - rule_hit_counter - - rule_metadata_id - - rule_uid - - rule_created - - rule_decert_date - - rule_first_hit - - rule_last_certified - - rule_last_hit - - rule_last_modified - - rule_last_certifier_dn - - rule_owner_dn - - rule_recertification_comment - filter: {} - role: importer - - permission: - check: {} - columns: - - rule_decert_date - - rule_last_certified - - rule_last_certifier - - rule_last_certifier_dn - - rule_recertification_comment - - rule_to_be_removed - filter: {} - role: recertifier -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: removed - - name: importControlByCreated - using: - foreign_key_constraint_on: created - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: object - using: - foreign_key_constraint_on: obj_id - - name: rule - using: - foreign_key_constraint_on: rule_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - created - - mgm_id - - obj_id - - removed - - rule_id - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - created - - mgm_id - - obj_id - - removed - - rule_id - filter: - mgm_id: - _in: x-hasura-visible-managements - 
role: recertifier - - permission: - allow_aggregations: true - columns: - - created - - mgm_id - - obj_id - - removed - - rule_id - filter: - mgm_id: - _in: X-Hasura-visible-managements - role: reporter - - permission: - allow_aggregations: true - columns: - - created - - mgm_id - - obj_id - - removed - - rule_id - filter: {} - role: reporter-viewall - table: - name: rule_nwobj_resolved - schema: public -- object_relationships: - - name: rule_metadatum - using: - foreign_key_constraint_on: rule_metadata_id - - name: tenant - using: - foreign_key_constraint_on: tenant_id - table: - name: rule_review - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: rs_create - - name: importControlByRsLastSeen - using: - foreign_key_constraint_on: rs_last_seen - - name: rule - using: - foreign_key_constraint_on: rule_id - - name: service - using: - foreign_key_constraint_on: svc_id - select_permissions: - - permission: - columns: - - rule_id - - svc_id - - active - - rs_create - - rs_last_seen - - negated - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - rule_id - - svc_id - - active - - rs_create - - rs_last_seen - - negated - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - rule_id - - svc_id - - active - - rs_create - - rs_last_seen - - negated - filter: {} - role: reporter - - permission: - columns: - - rule_id - - svc_id - - active - - rs_create - - rs_last_seen - - negated - filter: {} - role: reporter-viewall - table: - name: rule_service - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: removed - - name: importControlByCreated - using: - foreign_key_constraint_on: created - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: rule - using: - foreign_key_constraint_on: rule_id - - name: service - using: - foreign_key_constraint_on: svc_id - select_permissions: - - 
permission: - allow_aggregations: true - columns: - - mgm_id - - created - - removed - - rule_id - - svc_id - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - mgm_id - - rule_id - - svc_id - - created - - removed - filter: - mgm_id: - _in: x-hasura-visible-managements - role: recertifier - - permission: - allow_aggregations: true - columns: - - mgm_id - - created - - removed - - rule_id - - svc_id - filter: - mgm_id: - _in: X-Hasura-visible-managements - role: reporter - - permission: - allow_aggregations: true - columns: - - mgm_id - - created - - removed - - rule_id - - svc_id - filter: {} - role: reporter-viewall - table: - name: rule_svc_resolved - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: rt_create - - name: importControlByRtLastSeen - using: - foreign_key_constraint_on: rt_last_seen - - name: object - using: - foreign_key_constraint_on: obj_id - - name: rule - using: - foreign_key_constraint_on: rule_id - select_permissions: - - permission: - columns: - - rule_id - - obj_id - - rt_create - - rt_last_seen - - active - - negated - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - rule_id - - obj_id - - rt_create - - rt_last_seen - - active - - negated - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - rule_id - - obj_id - - rt_create - - rt_last_seen - - active - - negated - filter: {} - role: reporter - - permission: - columns: - - rule_id - - obj_id - - rt_create - - rt_last_seen - - active - - negated - filter: {} - role: reporter-viewall - table: - name: rule_to - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: removed - - name: importControlByCreated - using: - foreign_key_constraint_on: created - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: rule - using: - foreign_key_constraint_on: rule_id - - name: usr 
- using: - foreign_key_constraint_on: user_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - mgm_id - - rule_id - - user_id - - created - - removed - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - mgm_id - - created - - removed - - rule_id - - user_id - filter: - mgm_id: - _in: x-hasura-visible-managements - role: recertifier - - permission: - allow_aggregations: true - columns: [] - filter: - mgm_id: - _in: X-Hasura-visible-managements - role: reporter - - permission: - allow_aggregations: true - columns: - - mgm_id - - created - - removed - - rule_id - - user_id - filter: {} - role: reporter-viewall - table: - name: rule_user_resolved - schema: public -- array_relationships: - - name: changelog_services - using: - foreign_key_constraint_on: - column: new_svc_id - table: - name: changelog_service - schema: public - - name: changelogServicesByOldSvcId - using: - foreign_key_constraint_on: - column: old_svc_id - table: - name: changelog_service - schema: public - - name: rule_services - using: - foreign_key_constraint_on: - column: svc_id - table: - name: rule_service - schema: public - - name: rule_svc_resolveds - using: - foreign_key_constraint_on: - column: svc_id - table: - name: rule_svc_resolved - schema: public - - name: svcgrp_flats - using: - foreign_key_constraint_on: - column: svcgrp_flat_id - table: - name: svcgrp_flat - schema: public - - name: svcgrpFlatsBySvcgrpFlatMemberId - using: - foreign_key_constraint_on: - column: svcgrp_flat_member_id - table: - name: svcgrp_flat - schema: public - - name: svcgrps - using: - foreign_key_constraint_on: - column: svcgrp_id - table: - name: svcgrp - schema: public - - name: svcgrpsBySvcgrpMemberId - using: - foreign_key_constraint_on: - column: svcgrp_member_id - table: - name: svcgrp - schema: public - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: svc_create - - name: importControlBySvcLastSeen - using: 
- foreign_key_constraint_on: svc_last_seen - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: stm_color - using: - foreign_key_constraint_on: svc_color_id - - name: stm_ip_proto - using: - foreign_key_constraint_on: ip_proto_id - - name: stm_svc_typ - using: - foreign_key_constraint_on: svc_typ_id - - name: uiuser - using: - foreign_key_constraint_on: last_change_admin - select_permissions: - - permission: - allow_aggregations: true - columns: - - svc_id - - svc_uid - - svc_name - - svc_typ_id - - mgm_id - - svc_comment - - svc_prod_specific - - svc_member_names - - svc_member_refs - - svc_color_id - - ip_proto_id - - svc_port - - svc_port_end - - initial_config - - srv_keeponinstall - - svc_rpcnr - - svc_code - - svc_match - - svc_source_port - - svc_source_port_end - - svc_tcp_res - - svc_accept_rep - - svc_accept_rep_any - - svc_mfa - - svc_timeout_std - - svc_timeout - - svc_sync - - svc_sync_delay - - svc_sync_delay_start - - active - - last_change_admin - - svc_create - - svc_last_seen - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - svc_id - - svc_uid - - svc_name - - svc_typ_id - - mgm_id - - svc_comment - - svc_prod_specific - - svc_member_names - - svc_member_refs - - svc_color_id - - ip_proto_id - - svc_port - - svc_port_end - - initial_config - - srv_keeponinstall - - svc_rpcnr - - svc_code - - svc_match - - svc_source_port - - svc_source_port_end - - svc_tcp_res - - svc_accept_rep - - svc_accept_rep_any - - svc_mfa - - svc_timeout_std - - svc_timeout - - svc_sync - - svc_sync_delay - - svc_sync_delay_start - - active - - last_change_admin - - svc_create - - svc_last_seen - filter: - mgm_id: - _in: x-hasura-visible-managements - role: recertifier - - permission: - allow_aggregations: true - columns: - - svc_id - - svc_uid - - svc_name - - svc_typ_id - - mgm_id - - svc_comment - - svc_prod_specific - - svc_member_names - - svc_member_refs - - svc_color_id - - ip_proto_id - - svc_port - - 
svc_port_end - - initial_config - - srv_keeponinstall - - svc_rpcnr - - svc_code - - svc_match - - svc_source_port - - svc_source_port_end - - svc_tcp_res - - svc_accept_rep - - svc_accept_rep_any - - svc_mfa - - svc_timeout_std - - svc_timeout - - svc_sync - - svc_sync_delay - - svc_sync_delay_start - - active - - last_change_admin - - svc_create - - svc_last_seen - filter: - mgm_id: - _in: x-hasura-visible-managements - role: reporter - - permission: - allow_aggregations: true - columns: - - svc_id - - svc_uid - - svc_name - - svc_typ_id - - mgm_id - - svc_comment - - svc_prod_specific - - svc_member_names - - svc_member_refs - - svc_color_id - - ip_proto_id - - svc_port - - svc_port_end - - initial_config - - srv_keeponinstall - - svc_rpcnr - - svc_code - - svc_match - - svc_source_port - - svc_source_port_end - - svc_tcp_res - - svc_accept_rep - - svc_accept_rep_any - - svc_mfa - - svc_timeout_std - - svc_timeout - - svc_sync - - svc_sync_delay - - svc_sync_delay_start - - active - - last_change_admin - - svc_create - - svc_last_seen - filter: {} - role: reporter-viewall - table: - name: service - schema: public -- array_relationships: - - name: rules - using: - foreign_key_constraint_on: - column: action_id - table: - name: rule - schema: public - select_permissions: - - permission: - columns: - - action_id - - action_name - filter: {} - role: auditor - - permission: - columns: - - action_id - - action_name - filter: {} - role: recertifier - - permission: - columns: - - action_id - - action_name - filter: {} - role: reporter - - permission: - allow_aggregations: true - columns: - - action_id - - action_name - filter: {} - role: reporter-viewall - table: - name: stm_action - schema: public -- array_relationships: - - name: changelog_objects - using: - foreign_key_constraint_on: - column: change_type_id - table: - name: changelog_object - schema: public - - name: changelog_rules - using: - foreign_key_constraint_on: - column: change_type_id - table: - name: 
changelog_rule - schema: public - - name: changelog_services - using: - foreign_key_constraint_on: - column: change_type_id - table: - name: changelog_service - schema: public - - name: changelog_users - using: - foreign_key_constraint_on: - column: change_type_id - table: - name: changelog_user - schema: public - select_permissions: - - permission: - columns: - - change_type_id - - change_type_name - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - change_type_id - - change_type_name - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - change_type_id - - change_type_name - filter: {} - role: reporter - - permission: - allow_aggregations: true - columns: - - change_type_id - - change_type_name - filter: {} - role: reporter-viewall - table: - name: stm_change_type - schema: public -- array_relationships: - - name: objects - using: - foreign_key_constraint_on: - column: obj_color_id - table: - name: object - schema: public - - name: services - using: - foreign_key_constraint_on: - column: svc_color_id - table: - name: service - schema: public - - name: usrs - using: - foreign_key_constraint_on: - column: user_color_id - table: - name: usr - schema: public - select_permissions: - - permission: - columns: - - color_id - - color_name - - color_rgb - - color_comment - filter: {} - role: auditor - - permission: - columns: - - color_id - - color_name - - color_rgb - - color_comment - filter: {} - role: recertifier - - permission: - columns: - - color_id - - color_name - - color_rgb - - color_comment - filter: {} - role: reporter - - permission: - allow_aggregations: true - columns: - - color_id - - color_name - - color_rgb - - color_comment - filter: {} - role: reporter-viewall - table: - name: stm_color - schema: public -- array_relationships: - - name: devices - using: - foreign_key_constraint_on: - column: dev_typ_id - table: - name: device - schema: public - - name: management - using: - 
foreign_key_constraint_on: - column: dev_typ_id - table: - name: management - schema: public - select_permissions: - - permission: - columns: - - dev_typ_is_mgmt - - dev_typ_id - - dev_typ_comment - - dev_typ_predef_obj - - dev_typ_predef_svc - - dev_typ_config_file_basic_objects - - dev_typ_config_file_rules - - dev_typ_config_file_users - - dev_typ_manufacturer - - dev_typ_name - - dev_typ_version - filter: {} - role: auditor - - permission: - columns: - - dev_typ_id - - dev_typ_manufacturer - - dev_typ_name - - dev_typ_version - - dev_typ_comment - - dev_typ_predef_svc - - dev_typ_predef_obj - - dev_typ_is_mgmt - - dev_typ_config_file_rules - - dev_typ_config_file_basic_objects - - dev_typ_config_file_users - filter: {} - role: recertifier - - permission: - columns: - - dev_typ_id - - dev_typ_manufacturer - - dev_typ_name - - dev_typ_version - - dev_typ_comment - - dev_typ_predef_svc - - dev_typ_predef_obj - - dev_typ_is_mgmt - - dev_typ_config_file_rules - - dev_typ_config_file_basic_objects - - dev_typ_config_file_users - filter: {} - role: reporter - - permission: - allow_aggregations: true - columns: - - dev_typ_id - - dev_typ_manufacturer - - dev_typ_name - - dev_typ_version - - dev_typ_comment - - dev_typ_predef_svc - - dev_typ_predef_obj - - dev_typ_is_mgmt - - dev_typ_config_file_rules - - dev_typ_config_file_basic_objects - - dev_typ_config_file_users - filter: {} - role: reporter-viewall - table: - name: stm_dev_typ - schema: public -- array_relationships: - - name: services - using: - foreign_key_constraint_on: - column: ip_proto_id - table: - name: service - schema: public - select_permissions: - - permission: - columns: - - ip_proto_id - - ip_proto_name - - ip_proto_comment - filter: {} - role: auditor - - permission: - columns: - - ip_proto_id - - ip_proto_name - - ip_proto_comment - filter: {} - role: recertifier - - permission: - columns: - - ip_proto_id - - ip_proto_name - - ip_proto_comment - filter: {} - role: reporter - - permission: - 
allow_aggregations: true - columns: - - ip_proto_id - - ip_proto_name - - ip_proto_comment - filter: {} - role: reporter-viewall - table: - name: stm_ip_proto - schema: public -- array_relationships: - - name: objects - using: - foreign_key_constraint_on: - column: nattyp_id - table: - name: object - schema: public - table: - name: stm_nattyp - schema: public -- array_relationships: - - name: objects - using: - foreign_key_constraint_on: - column: obj_typ_id - table: - name: object - schema: public - select_permissions: - - permission: - columns: - - obj_typ_id - - obj_typ_name - - obj_typ_comment - filter: {} - role: auditor - - permission: - columns: - - obj_typ_id - - obj_typ_name - - obj_typ_comment - filter: {} - role: recertifier - - permission: - columns: - - obj_typ_id - - obj_typ_name - - obj_typ_comment - filter: {} - role: reporter - - permission: - allow_aggregations: true - columns: - - obj_typ_id - - obj_typ_name - - obj_typ_comment - filter: {} - role: reporter-viewall - table: - name: stm_obj_typ - schema: public -- array_relationships: - - name: services - using: - foreign_key_constraint_on: - column: svc_typ_id - table: - name: service - schema: public - select_permissions: - - permission: - columns: - - svc_typ_id - - svc_typ_name - - svc_typ_comment - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - svc_typ_id - - svc_typ_name - - svc_typ_comment - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - svc_typ_id - - svc_typ_name - - svc_typ_comment - filter: {} - role: reporter - - permission: - allow_aggregations: true - columns: - - svc_typ_id - - svc_typ_name - - svc_typ_comment - filter: {} - role: reporter-viewall - table: - name: stm_svc_typ - schema: public -- array_relationships: - - name: rules - using: - foreign_key_constraint_on: - column: track_id - table: - name: rule - schema: public - select_permissions: - - permission: - columns: - - track_id - - track_name - 
filter: {} - role: auditor - - permission: - columns: - - track_id - - track_name - filter: {} - role: recertifier - - permission: - columns: - - track_id - - track_name - filter: {} - role: reporter - - permission: - allow_aggregations: true - columns: - - track_id - - track_name - filter: {} - role: reporter-viewall - table: - name: stm_track - schema: public -- array_relationships: - - name: usrs - using: - foreign_key_constraint_on: - column: usr_typ_id - table: - name: usr - schema: public - select_permissions: - - permission: - columns: - - usr_typ_id - - usr_typ_name - filter: {} - role: auditor - - permission: - columns: - - usr_typ_id - - usr_typ_name - filter: {} - role: recertifier - - permission: - columns: - - usr_typ_id - - usr_typ_name - filter: {} - role: reporter - - permission: - allow_aggregations: true - columns: - - usr_typ_id - - usr_typ_name - filter: {} - role: reporter-viewall - table: - name: stm_usr_typ - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: import_created - - name: importControlByImportLastSeen - using: - foreign_key_constraint_on: import_last_seen - - name: service - using: - foreign_key_constraint_on: svcgrp_id - - name: serviceBySvcgrpMemberId - using: - foreign_key_constraint_on: svcgrp_member_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - svcgrp_id - - svcgrp_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - svcgrp_id - - svcgrp_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - svcgrp_id - - svcgrp_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: reporter - - permission: - columns: - - svcgrp_id - - svcgrp_member_id - - import_created - - import_last_seen - - active - 
- negated - filter: {} - role: reporter-viewall - table: - name: svcgrp - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: import_created - - name: importControlByImportLastSeen - using: - foreign_key_constraint_on: import_last_seen - - name: service - using: - foreign_key_constraint_on: svcgrp_flat_id - - name: serviceBySvcgrpFlatMemberId - using: - foreign_key_constraint_on: svcgrp_flat_member_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - svcgrp_flat_id - - svcgrp_flat_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - svcgrp_flat_id - - svcgrp_flat_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - svcgrp_flat_id - - svcgrp_flat_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: reporter - - permission: - columns: - - svcgrp_flat_id - - svcgrp_flat_member_id - - import_created - - import_last_seen - - active - - negated - filter: {} - role: reporter-viewall - table: - name: svcgrp_flat - schema: public -- array_relationships: - - name: devices - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: device - schema: public - - name: ldap_connections - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: ldap_connection - schema: public - - name: management - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: management - schema: public - - name: reports - using: - foreign_key_constraint_on: - column: tenant_wide_visible - table: - name: report - schema: public - - name: report_template_viewable_by_tenants - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: report_template_viewable_by_tenant - schema: public - - name: requests - 
using: - foreign_key_constraint_on: - column: tenant_id - table: - name: request - schema: public - - name: rule_reviews - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: rule_review - schema: public - - name: tenant_networks - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: tenant_network - schema: public - - name: tenant_objects - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: tenant_object - schema: public - - name: tenant_to_devices - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: tenant_to_device - schema: public - - name: tenant_usernames - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: tenant_username - schema: public - - name: tenant_users - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: tenant_user - schema: public - - name: uiusers - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: uiuser - schema: public - - name: usrs - using: - foreign_key_constraint_on: - column: tenant_id - table: - name: usr - schema: public - select_permissions: - - permission: - columns: - - tenant_id - - tenant_name - - tenant_projekt - - tenant_comment - - tenant_report - - tenant_can_view_all_devices - - tenant_is_superadmin - - tenant_create - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - tenant_id - - tenant_name - - tenant_projekt - - tenant_comment - - tenant_report - - tenant_can_view_all_devices - - tenant_is_superadmin - - tenant_create - filter: {} - role: middleware-server - table: - name: tenant - schema: public -- object_relationships: - - name: tenant - using: - foreign_key_constraint_on: tenant_id - table: - name: tenant_network - schema: public -- object_relationships: - - name: object - using: - foreign_key_constraint_on: obj_id - - name: tenant - using: - foreign_key_constraint_on: tenant_id - table: - name: tenant_object - schema: public -- 
object_relationships: - - name: device - using: - foreign_key_constraint_on: device_id - - name: tenant - using: - foreign_key_constraint_on: tenant_id - select_permissions: - - permission: - columns: - - tenant_id - - device_id - filter: {} - role: auditor - table: - name: tenant_to_device - schema: public -- object_relationships: - - name: tenant - using: - foreign_key_constraint_on: tenant_id - - name: usr - using: - foreign_key_constraint_on: user_id - table: - name: tenant_user - schema: public -- object_relationships: - - name: tenant - using: - foreign_key_constraint_on: tenant_id - table: - name: tenant_username - schema: public -- object_relationships: - - name: languageByLanguage - using: - foreign_key_constraint_on: language - select_permissions: - - permission: - allow_aggregations: true - columns: - - id - - language - - txt - filter: {} - role: anonymous - - permission: - columns: - - id - - language - - txt - filter: {} - role: auditor - table: - name: txt - schema: public -- array_relationships: - - name: changelog_objects - using: - foreign_key_constraint_on: - column: doku_admin - table: - name: changelog_object - schema: public - - name: changelogObjectsByImportAdmin - using: - foreign_key_constraint_on: - column: import_admin - table: - name: changelog_object - schema: public - - name: changelog_rules - using: - foreign_key_constraint_on: - column: doku_admin - table: - name: changelog_rule - schema: public - - name: changelogRulesByImportAdmin - using: - foreign_key_constraint_on: - column: import_admin - table: - name: changelog_rule - schema: public - - name: changelog_services - using: - foreign_key_constraint_on: - column: doku_admin - table: - name: changelog_service - schema: public - - name: changelogServicesByImportAdmin - using: - foreign_key_constraint_on: - column: import_admin - table: - name: changelog_service - schema: public - - name: changelog_users - using: - foreign_key_constraint_on: - column: doku_admin - table: - name: 
changelog_user - schema: public - - name: changelogUsersByImportAdmin - using: - foreign_key_constraint_on: - column: import_admin - table: - name: changelog_user - schema: public - - name: configs - using: - foreign_key_constraint_on: - column: config_user - table: - name: config - schema: public - - name: objects - using: - foreign_key_constraint_on: - column: last_change_admin - table: - name: object - schema: public - - name: reports - using: - foreign_key_constraint_on: - column: report_owner_id - table: - name: report - schema: public - - name: report_schedules - using: - foreign_key_constraint_on: - column: report_schedule_owner - table: - name: report_schedule - schema: public - - name: report_templates - using: - foreign_key_constraint_on: - column: report_template_owner - table: - name: report_template - schema: public - - name: report_template_viewable_by_users - using: - foreign_key_constraint_on: - column: uiuser_id - table: - name: report_template_viewable_by_user - schema: public - - name: rule_metadata - using: - foreign_key_constraint_on: - column: rule_last_certifier - table: - name: rule_metadata - schema: public - - name: ruleMetadataByRuleOwner - using: - foreign_key_constraint_on: - column: rule_owner - table: - name: rule_metadata - schema: public - - name: rules - using: - foreign_key_constraint_on: - column: last_change_admin - table: - name: rule - schema: public - - name: services - using: - foreign_key_constraint_on: - column: last_change_admin - table: - name: service - schema: public - - name: usrs - using: - foreign_key_constraint_on: - column: last_change_admin - table: - name: usr - schema: public - insert_permissions: - - permission: - backend_only: false - check: {} - columns: - - ldap_connection_id - - tenant_id - - uiuser_email - - uiuser_end_date - - uiuser_first_name - - uiuser_id - - uiuser_language - - uiuser_last_login - - uiuser_last_name - - uiuser_last_password_change - - uiuser_password_must_be_changed - - 
uiuser_pwd_history - - uiuser_start_date - - uiuser_username - - uuid - role: middleware-server - object_relationships: - - name: language - using: - foreign_key_constraint_on: uiuser_language - - name: ldap_connection - using: - foreign_key_constraint_on: ldap_connection_id - - name: tenant - using: - foreign_key_constraint_on: tenant_id - select_permissions: - - permission: - columns: - - ldap_connection_id - - tenant_id - - uiuser_email - - uiuser_end_date - - uiuser_first_name - - uiuser_id - - uiuser_language - - uiuser_last_login - - uiuser_last_name - - uiuser_last_password_change - - uiuser_password_must_be_changed - - uiuser_pwd_history - - uiuser_start_date - - uiuser_username - - uuid - filter: {} - role: auditor - - permission: - columns: - - ldap_connection_id - - tenant_id - - uiuser_email - - uiuser_end_date - - uiuser_first_name - - uiuser_id - - uiuser_language - - uiuser_last_login - - uiuser_last_name - - uiuser_last_password_change - - uiuser_password_must_be_changed - - uiuser_pwd_history - - uiuser_start_date - - uiuser_username - - uuid - filter: {} - role: middleware-server - - permission: - columns: - - ldap_connection_id - - tenant_id - - uiuser_email - - uiuser_end_date - - uiuser_first_name - - uiuser_id - - uiuser_language - - uiuser_last_login - - uiuser_last_name - - uiuser_last_password_change - - uiuser_password_must_be_changed - - uiuser_pwd_history - - uiuser_start_date - - uiuser_username - - uuid - filter: - uuid: - _eq: x-hasura-uuid - role: recertifier - - permission: - columns: - - ldap_connection_id - - tenant_id - - uiuser_email - - uiuser_end_date - - uiuser_first_name - - uiuser_id - - uiuser_language - - uiuser_last_login - - uiuser_last_name - - uiuser_last_password_change - - uiuser_password_must_be_changed - - uiuser_pwd_history - - uiuser_start_date - - uiuser_username - - uuid - filter: - uuid: - _eq: x-hasura-uuid - role: reporter - - permission: - columns: - - ldap_connection_id - - tenant_id - - uiuser_email - - 
uiuser_end_date - - uiuser_first_name - - uiuser_id - - uiuser_language - - uiuser_last_login - - uiuser_last_name - - uiuser_last_password_change - - uiuser_password_must_be_changed - - uiuser_pwd_history - - uiuser_start_date - - uiuser_username - - uuid - filter: - uuid: - _eq: x-hasura-uuid - role: reporter-viewall - table: - name: uiuser - schema: public - update_permissions: - - permission: - check: null - columns: - - ldap_connection_id - - tenant_id - - uiuser_email - - uiuser_end_date - - uiuser_first_name - - uiuser_id - - uiuser_language - - uiuser_last_login - - uiuser_last_name - - uiuser_last_password_change - - uiuser_password_must_be_changed - - uiuser_pwd_history - - uiuser_start_date - - uiuser_username - - uuid - filter: - uuid: - _eq: X-Hasura-uuid - role: auditor - - permission: - check: null - columns: - - ldap_connection_id - - tenant_id - - uiuser_email - - uiuser_end_date - - uiuser_first_name - - uiuser_id - - uiuser_language - - uiuser_last_login - - uiuser_last_name - - uiuser_last_password_change - - uiuser_password_must_be_changed - - uiuser_pwd_history - - uiuser_start_date - - uiuser_username - - uuid - filter: {} - role: middleware-server - - permission: - check: null - columns: - - uiuser_language - filter: - uuid: - _eq: x-hasura-uuid - role: recertifier - - permission: - check: null - columns: - - uiuser_language - filter: - uuid: - _eq: x-hasura-uuid - role: reporter - - permission: - check: null - columns: - - uiuser_language - filter: - uuid: - _eq: x-hasura-uuid - role: reporter-viewall -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: import_created - - name: importControlByImportLastSeen - using: - foreign_key_constraint_on: import_last_seen - - name: usr - using: - foreign_key_constraint_on: usergrp_id - - name: usrByUsergrpMemberId - using: - foreign_key_constraint_on: usergrp_member_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - usergrp_id - - 
usergrp_member_id - - import_created - - import_last_seen - - active - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - usergrp_id - - usergrp_member_id - - import_created - - import_last_seen - - active - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - usergrp_id - - usergrp_member_id - - import_created - - import_last_seen - - active - filter: {} - role: reporter - - permission: - columns: - - usergrp_id - - usergrp_member_id - - import_created - - import_last_seen - - active - filter: {} - role: reporter-viewall - table: - name: usergrp - schema: public -- object_relationships: - - name: import_control - using: - foreign_key_constraint_on: import_created - - name: importControlByImportLastSeen - using: - foreign_key_constraint_on: import_last_seen - - name: usr - using: - foreign_key_constraint_on: usergrp_flat_id - - name: usrByUsergrpFlatMemberId - using: - foreign_key_constraint_on: usergrp_flat_member_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - active - - usergrp_flat_id - - usergrp_flat_member_id - - import_created - - import_last_seen - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - active - - usergrp_flat_id - - usergrp_flat_member_id - - import_created - - import_last_seen - filter: {} - role: recertifier - - permission: - allow_aggregations: true - columns: - - active - - usergrp_flat_id - - usergrp_flat_member_id - - import_created - - import_last_seen - filter: {} - role: reporter - - permission: - columns: - - active - - usergrp_flat_id - - usergrp_flat_member_id - - import_created - - import_last_seen - filter: {} - role: reporter-viewall - table: - name: usergrp_flat - schema: public -- array_relationships: - - name: changelog_users - using: - foreign_key_constraint_on: - column: new_user_id - table: - name: changelog_user - schema: public - - name: changelogUsersByOldUserId - using: - 
foreign_key_constraint_on: - column: old_user_id - table: - name: changelog_user - schema: public - - name: rule_froms - using: - foreign_key_constraint_on: - column: user_id - table: - name: rule_from - schema: public - - name: rule_user_resolveds - using: - foreign_key_constraint_on: - column: user_id - table: - name: rule_user_resolved - schema: public - - name: tenant_users - using: - foreign_key_constraint_on: - column: user_id - table: - name: tenant_user - schema: public - - name: usergrp_flats - using: - foreign_key_constraint_on: - column: usergrp_flat_id - table: - name: usergrp_flat - schema: public - - name: usergrpFlatsByUsergrpFlatMemberId - using: - foreign_key_constraint_on: - column: usergrp_flat_member_id - table: - name: usergrp_flat - schema: public - - name: usergrps - using: - foreign_key_constraint_on: - column: usergrp_id - table: - name: usergrp - schema: public - - name: usergrpsByUsergrpMemberId - using: - foreign_key_constraint_on: - column: usergrp_member_id - table: - name: usergrp - schema: public - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: user_create - - name: importControlByUserLastSeen - using: - foreign_key_constraint_on: user_last_seen - - name: management - using: - foreign_key_constraint_on: mgm_id - - name: stm_color - using: - foreign_key_constraint_on: user_color_id - - name: stm_usr_typ - using: - foreign_key_constraint_on: usr_typ_id - - name: tenant - using: - foreign_key_constraint_on: tenant_id - - name: uiuser - using: - foreign_key_constraint_on: last_change_admin - select_permissions: - - permission: - allow_aggregations: true - columns: - - user_id - - usr_typ_id - - user_color_id - - mgm_id - - user_name - - active - - user_member_names - - user_member_refs - - user_authmethod - - user_valid_from - - user_valid_until - - src_restrict - - dst_restrict - - time_restrict - - user_create - - user_last_seen - - user_comment - - user_uid - - user_firstname - - user_lastname - - 
last_change_admin - - tenant_id - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - user_id - - usr_typ_id - - user_color_id - - mgm_id - - user_name - - active - - user_member_names - - user_member_refs - - user_authmethod - - user_valid_from - - user_valid_until - - src_restrict - - dst_restrict - - time_restrict - - user_create - - user_last_seen - - user_comment - - user_uid - - user_firstname - - user_lastname - - last_change_admin - - tenant_id - filter: - mgm_id: - _in: x-hasura-visible-managements - role: recertifier - - permission: - allow_aggregations: true - columns: - - user_id - - usr_typ_id - - user_color_id - - mgm_id - - user_name - - active - - user_member_names - - user_member_refs - - user_authmethod - - user_valid_from - - user_valid_until - - src_restrict - - dst_restrict - - time_restrict - - user_create - - user_last_seen - - user_comment - - user_uid - - user_firstname - - user_lastname - - last_change_admin - - tenant_id - filter: - mgm_id: - _in: x-hasura-visible-managements - role: reporter - - permission: - allow_aggregations: true - columns: - - user_id - - usr_typ_id - - user_color_id - - mgm_id - - user_name - - active - - user_member_names - - user_member_refs - - user_authmethod - - user_valid_from - - user_valid_until - - src_restrict - - dst_restrict - - time_restrict - - user_create - - user_last_seen - - user_comment - - user_uid - - user_firstname - - user_lastname - - last_change_admin - - tenant_id - filter: {} - role: reporter-viewall - table: - name: usr - schema: public -- table: - name: view_change_counter - schema: public -- table: - name: view_changes - schema: public -- table: - name: view_changes_by_changed_element_id - schema: public -- table: - name: view_device_names - schema: public -- table: - name: view_documented_change_counter - schema: public -- table: - name: view_import_status_errors - schema: public -- table: - name: view_import_status_successful - schema: public -- 
table: - name: view_import_status_table - schema: public -- table: - name: view_import_status_table_unsorted - schema: public -- table: - name: view_obj_changes - schema: public -- table: - name: view_reportable_changes - schema: public -- table: - name: view_rule_changes - schema: public -- table: - name: view_rule_source_or_destination - schema: public -- table: - name: view_svc_changes - schema: public -- table: - name: view_undocumented_change_counter - schema: public -- table: - name: view_undocumented_changes - schema: public -- table: - name: view_user_changes - schema: public -- array_relationships: - - name: objects - using: - foreign_key_constraint_on: - column: zone_id - table: - name: object - schema: public - - name: rules - using: - foreign_key_constraint_on: - column: rule_from_zone - table: - name: rule - schema: public - - name: rulesByRuleToZone - using: - foreign_key_constraint_on: - column: rule_to_zone - table: - name: rule - schema: public - object_relationships: - - name: import_control - using: - foreign_key_constraint_on: zone_create - - name: importControlByZoneLastSeen - using: - foreign_key_constraint_on: zone_last_seen - - name: management - using: - foreign_key_constraint_on: mgm_id - select_permissions: - - permission: - allow_aggregations: true - columns: - - zone_id - - zone_create - - zone_last_seen - - mgm_id - - zone_name - - active - filter: {} - role: auditor - - permission: - allow_aggregations: true - columns: - - zone_id - - zone_create - - zone_last_seen - - mgm_id - - zone_name - - active - filter: - mgm_id: - _in: x-hasura-visible-managements - role: recertifier - - permission: - allow_aggregations: true - columns: - - zone_id - - zone_create - - zone_last_seen - - mgm_id - - zone_name - - active - filter: - mgm_id: - _in: x-hasura-visible-managements - role: reporter - - permission: - allow_aggregations: true - columns: - - active - - mgm_id - - zone_create - - zone_last_seen - - zone_id - - zone_name - filter: {} - 
role: reporter-viewall - table: - name: zone - schema: public -version: 2
diff --git a/roles/api/files/replace_metadata.json b/roles/api/files/replace_metadata.json
new file mode 100644
index 000000000..c0d4d5777
--- /dev/null
+++ b/roles/api/files/replace_metadata.json
@@ -0,0 +1,8504 @@ +{ + "type": "replace_metadata", + "version": 2, + "args": { + "allow_inconsistent_metadata": false, + "metadata": { + "version": 3, + "sources": [ + { + "name": "default", + "kind": "postgres", + "tables": [ + { + "table": { + "schema": "public", + "name": "changelog_object" + }, + "object_relationships": [ + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "control_id" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "object", + "using": { + "foreign_key_constraint_on": "new_obj_id" + } + }, + { + "name": "objectByOldObjId", + "using": { + "foreign_key_constraint_on": "old_obj_id" + } + }, + { + "name": "stm_change_type", + "using": { + "foreign_key_constraint_on": "change_type_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "doku_admin" + } + }, + { + "name": "uiuserByImportAdmin", + "using": { + "foreign_key_constraint_on": "import_admin" + } + } + ], + "array_relationships": [ + { + "name": "request_object_changes", + "using": { + "foreign_key_constraint_on": { + "column": "log_obj_id", + "table": { + "schema": "public", + "name": "request_object_change" + } + } + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "changelog_rule" + }, + "object_relationships": [ + { + "name": "device", + "using": { + "foreign_key_constraint_on": "dev_id" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "control_id" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "rule", + "using": { + "foreign_key_constraint_on": "new_rule_id" + } + }, + { + "name": "ruleByOldRuleId", + "using": { + "foreign_key_constraint_on": "old_rule_id" + } + }, + { + "name": "stm_change_type", + "using": { + "foreign_key_constraint_on": "change_type_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "doku_admin" + } + }, + 
{ + "name": "uiuserByImportAdmin", + "using": { + "foreign_key_constraint_on": "import_admin" + } + } + ], + "array_relationships": [ + { + "name": "request_rule_changes", + "using": { + "foreign_key_constraint_on": { + "column": "log_rule_id", + "table": { + "schema": "public", + "name": "request_rule_change" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "log_rule_id", + "doku_admin", + "control_id", + "import_admin", + "new_rule_id", + "old_rule_id", + "implicit_change", + "abs_change_id", + "change_action", + "changelog_rule_comment", + "documented", + "docu_time", + "mgm_id", + "dev_id", + "change_type_id", + "security_relevant", + "change_request_info", + "change_time", + "unique_name" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "log_rule_id", + "doku_admin", + "control_id", + "import_admin", + "new_rule_id", + "old_rule_id", + "implicit_change", + "abs_change_id", + "change_action", + "changelog_rule_comment", + "documented", + "docu_time", + "mgm_id", + "dev_id", + "change_type_id", + "security_relevant", + "change_request_info", + "change_time", + "unique_name" + ], + "filter": { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "log_rule_id", + "doku_admin", + "control_id", + "import_admin", + "new_rule_id", + "old_rule_id", + "implicit_change", + "abs_change_id", + "change_action", + "changelog_rule_comment", + "documented", + "docu_time", + "mgm_id", + "dev_id", + "change_type_id", + "security_relevant", + "change_request_info", + "change_time", + "unique_name" + ], + "filter": { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "log_rule_id", + "doku_admin", + "control_id", + "import_admin", + "new_rule_id", + "old_rule_id", 
+ "implicit_change", + "abs_change_id", + "change_action", + "changelog_rule_comment", + "documented", + "docu_time", + "mgm_id", + "dev_id", + "change_type_id", + "security_relevant", + "change_request_info", + "change_time", + "unique_name" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "changelog_service" + }, + "object_relationships": [ + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "control_id" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "service", + "using": { + "foreign_key_constraint_on": "new_svc_id" + } + }, + { + "name": "serviceByOldSvcId", + "using": { + "foreign_key_constraint_on": "old_svc_id" + } + }, + { + "name": "stm_change_type", + "using": { + "foreign_key_constraint_on": "change_type_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "doku_admin" + } + }, + { + "name": "uiuserByImportAdmin", + "using": { + "foreign_key_constraint_on": "import_admin" + } + } + ], + "array_relationships": [ + { + "name": "request_service_changes", + "using": { + "foreign_key_constraint_on": { + "column": "log_svc_id", + "table": { + "schema": "public", + "name": "request_service_change" + } + } + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "changelog_user" + }, + "object_relationships": [ + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "control_id" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "stm_change_type", + "using": { + "foreign_key_constraint_on": "change_type_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "doku_admin" + } + }, + { + "name": "uiuserByImportAdmin", + "using": { + "foreign_key_constraint_on": "import_admin" + } + }, + { + "name": "usr", + "using": { + "foreign_key_constraint_on": "new_user_id" + } + 
}, + { + "name": "usrByOldUserId", + "using": { + "foreign_key_constraint_on": "old_user_id" + } + } + ], + "array_relationships": [ + { + "name": "request_user_changes", + "using": { + "foreign_key_constraint_on": { + "column": "log_usr_id", + "table": { + "schema": "public", + "name": "request_user_change" + } + } + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "config" + }, + "object_relationships": [ + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "config_user" + } + } + ], + "insert_permissions": [ + { + "role": "auditor", + "permission": { + "check": { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + "columns": ["config_key", "config_value", "config_user"], + "backend_only": false + } + }, + { + "role": "recertifier", + "permission": { + "check": { + "_or": [ + { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + { + "config_user": { + "_eq": 0 + } + } + ] + }, + "columns": ["config_key", "config_value", "config_user"] + } + }, + { + "role": "reporter", + "permission": { + "check": { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + "columns": ["config_user", "config_key", "config_value"], + "backend_only": false + } + }, + { + "role": "reporter-viewall", + "permission": { + "check": { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + "columns": ["config_user", "config_key", "config_value"], + "backend_only": false + } + } + ], + "select_permissions": [ + { + "role": "anonymous", + "permission": { + "columns": ["config_key", "config_value", "config_user"], + "filter": { + "config_user": { + "_eq": 0 + } + } + } + }, + { + "role": "auditor", + "permission": { + "columns": ["config_user", "config_key", "config_value"], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": ["config_key", "config_value", "config_user"], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": ["config_key", "config_value", "config_user"], + 
"filter": { + "_or": [ + { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + { + "config_user": { + "_eq": 0 + } + } + ] + } + } + }, + { + "role": "reporter", + "permission": { + "columns": ["config_key", "config_value", "config_user"], + "filter": { + "_or": [ + { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + { + "config_user": { + "_eq": 0 + } + } + ] + } + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": ["config_user", "config_key", "config_value"], + "filter": { + "_or": [ + { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + { + "config_user": { + "_eq": 0 + } + } + ] + } + } + } + ], + "update_permissions": [ + { + "role": "auditor", + "permission": { + "columns": ["config_user", "config_key", "config_value"], + "filter": { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, + { + "role": "recertifier", + "permission": { + "columns": ["config_key", "config_value", "config_user"], + "filter": { + "_or": [ + { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + { + "config_user": { + "_eq": 0 + } + } + ] + }, + "check": null + } + }, + { + "role": "reporter", + "permission": { + "columns": ["config_value"], + "filter": { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": ["config_value"], + "filter": { + "config_user": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "device" + }, + "object_relationships": [ + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "stm_dev_typ", + "using": { + "foreign_key_constraint_on": "dev_typ_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ], + "array_relationships": [ + { + "name": "changelog_rules", + "using": { + "foreign_key_constraint_on": { + "column": "dev_id", + 
"table": { + "schema": "public", + "name": "changelog_rule" + } + } + } + }, + { + "name": "objects", + "using": { + "foreign_key_constraint_on": { + "column": "obj_nat_install", + "table": { + "schema": "public", + "name": "object" + } + } + } + }, + { + "name": "rule_metadata", + "using": { + "foreign_key_constraint_on": { + "column": "dev_id", + "table": { + "schema": "public", + "name": "rule_metadata" + } + } + } + }, + { + "name": "rules", + "using": { + "foreign_key_constraint_on": { + "column": "dev_id", + "table": { + "schema": "public", + "name": "rule" + } + } + } + }, + { + "name": "tenant_to_devices", + "using": { + "foreign_key_constraint_on": { + "column": "device_id", + "table": { + "schema": "public", + "name": "tenant_to_device" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "dev_id", + "mgm_id", + "dev_name", + "dev_rulebase", + "dev_typ_id", + "tenant_id", + "dev_active", + "dev_comment", + "dev_create", + "dev_update", + "do_not_import", + "clearing_import_ran", + "force_initial_import", + "hide_in_gui" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "dev_id", + "mgm_id", + "dev_name", + "dev_rulebase", + "dev_typ_id", + "tenant_id", + "dev_active", + "dev_comment", + "dev_create", + "dev_update", + "do_not_import", + "clearing_import_ran", + "force_initial_import", + "hide_in_gui" + ], + "filter": { + "_and": [ + { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + } + ] + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "dev_id", + "mgm_id", + "dev_name", + "dev_rulebase", + "dev_typ_id", + "tenant_id", + "dev_active", + "dev_comment", + "dev_create", + "dev_update", + "do_not_import", + "clearing_import_ran", + "force_initial_import", + "hide_in_gui" + ], + "filter": { + "_and": [ + { + "mgm_id": { + "_in": 
"x-hasura-visible-managements" + } + }, + { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + } + ] + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "dev_id", + "mgm_id", + "dev_name", + "dev_rulebase", + "dev_typ_id", + "tenant_id", + "dev_active", + "dev_comment", + "dev_create", + "dev_update", + "do_not_import", + "clearing_import_ran", + "force_initial_import", + "hide_in_gui" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "device_type" + }, + "insert_permissions": [ + { + "role": "middleware-server", + "permission": { + "check": {}, + "columns": ["id", "name"], + "backend_only": false + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": ["id", "name"], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": ["id", "name"], + "filter": {} + } + } + ], + "update_permissions": [ + { + "role": "middleware-server", + "permission": { + "columns": ["id", "name"], + "filter": {}, + "check": null + } + } + ], + "delete_permissions": [ + { + "role": "middleware-server", + "permission": { + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "error" + }, + "array_relationships": [ + { + "name": "error_logs", + "using": { + "foreign_key_constraint_on": { + "column": "error_id", + "table": { + "schema": "public", + "name": "error_log" + } + } + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "error_log" + }, + "object_relationships": [ + { + "name": "error", + "using": { + "foreign_key_constraint_on": "error_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "import_changelog" + }, + "object_relationships": [ + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "control_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "import_control" + }, + "object_relationships": [ + { + "name": 
"management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + } + ], + "array_relationships": [ + { + "name": "changelog_objects", + "using": { + "foreign_key_constraint_on": { + "column": "control_id", + "table": { + "schema": "public", + "name": "changelog_object" + } + } + } + }, + { + "name": "changelog_rules", + "using": { + "foreign_key_constraint_on": { + "column": "control_id", + "table": { + "schema": "public", + "name": "changelog_rule" + } + } + } + }, + { + "name": "changelog_services", + "using": { + "foreign_key_constraint_on": { + "column": "control_id", + "table": { + "schema": "public", + "name": "changelog_service" + } + } + } + }, + { + "name": "changelog_users", + "using": { + "foreign_key_constraint_on": { + "column": "control_id", + "table": { + "schema": "public", + "name": "changelog_user" + } + } + } + }, + { + "name": "import_changelogs", + "using": { + "foreign_key_constraint_on": { + "column": "control_id", + "table": { + "schema": "public", + "name": "import_changelog" + } + } + } + }, + { + "name": "import_objects", + "using": { + "foreign_key_constraint_on": { + "column": "control_id", + "table": { + "schema": "public", + "name": "import_object" + } + } + } + }, + { + "name": "import_rules", + "using": { + "foreign_key_constraint_on": { + "column": "control_id", + "table": { + "schema": "public", + "name": "import_rule" + } + } + } + }, + { + "name": "import_services", + "using": { + "foreign_key_constraint_on": { + "column": "control_id", + "table": { + "schema": "public", + "name": "import_service" + } + } + } + }, + { + "name": "import_users", + "using": { + "foreign_key_constraint_on": { + "column": "control_id", + "table": { + "schema": "public", + "name": "import_user" + } + } + } + }, + { + "name": "import_zones", + "using": { + "foreign_key_constraint_on": { + "column": "control_id", + "table": { + "schema": "public", + "name": "import_zone" + } + } + } + }, + { + "name": "objects", + "using": { + 
"foreign_key_constraint_on": { + "column": "obj_create", + "table": { + "schema": "public", + "name": "object" + } + } + } + }, + { + "name": "objectsByObjLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "obj_last_seen", + "table": { + "schema": "public", + "name": "object" + } + } + } + }, + { + "name": "objgrpFlatsByImportLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "import_last_seen", + "table": { + "schema": "public", + "name": "objgrp_flat" + } + } + } + }, + { + "name": "objgrp_flats", + "using": { + "foreign_key_constraint_on": { + "column": "import_created", + "table": { + "schema": "public", + "name": "objgrp_flat" + } + } + } + }, + { + "name": "objgrps", + "using": { + "foreign_key_constraint_on": { + "column": "import_created", + "table": { + "schema": "public", + "name": "objgrp" + } + } + } + }, + { + "name": "objgrpsByImportLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "import_last_seen", + "table": { + "schema": "public", + "name": "objgrp" + } + } + } + }, + { + "name": "ruleFromsByRfLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "rf_last_seen", + "table": { + "schema": "public", + "name": "rule_from" + } + } + } + }, + { + "name": "ruleNwobjResolvedsByRemoved", + "using": { + "foreign_key_constraint_on": { + "column": "removed", + "table": { + "schema": "public", + "name": "rule_nwobj_resolved" + } + } + } + }, + { + "name": "ruleServicesByRsLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "rs_last_seen", + "table": { + "schema": "public", + "name": "rule_service" + } + } + } + }, + { + "name": "ruleSvcResolvedsByRemoved", + "using": { + "foreign_key_constraint_on": { + "column": "removed", + "table": { + "schema": "public", + "name": "rule_svc_resolved" + } + } + } + }, + { + "name": "ruleTosByRtLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "rt_last_seen", + "table": { + "schema": "public", + "name": "rule_to" + } + 
} + } + }, + { + "name": "ruleUserResolvedsByRemoved", + "using": { + "foreign_key_constraint_on": { + "column": "removed", + "table": { + "schema": "public", + "name": "rule_user_resolved" + } + } + } + }, + { + "name": "rule_froms", + "using": { + "foreign_key_constraint_on": { + "column": "rf_create", + "table": { + "schema": "public", + "name": "rule_from" + } + } + } + }, + { + "name": "rule_nwobj_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "created", + "table": { + "schema": "public", + "name": "rule_nwobj_resolved" + } + } + } + }, + { + "name": "rule_services", + "using": { + "foreign_key_constraint_on": { + "column": "rs_create", + "table": { + "schema": "public", + "name": "rule_service" + } + } + } + }, + { + "name": "rule_svc_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "created", + "table": { + "schema": "public", + "name": "rule_svc_resolved" + } + } + } + }, + { + "name": "rule_tos", + "using": { + "foreign_key_constraint_on": { + "column": "rt_create", + "table": { + "schema": "public", + "name": "rule_to" + } + } + } + }, + { + "name": "rule_user_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "created", + "table": { + "schema": "public", + "name": "rule_user_resolved" + } + } + } + }, + { + "name": "rules", + "using": { + "foreign_key_constraint_on": { + "column": "rule_create", + "table": { + "schema": "public", + "name": "rule" + } + } + } + }, + { + "name": "rulesByRuleLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "rule_last_seen", + "table": { + "schema": "public", + "name": "rule" + } + } + } + }, + { + "name": "services", + "using": { + "foreign_key_constraint_on": { + "column": "svc_create", + "table": { + "schema": "public", + "name": "service" + } + } + } + }, + { + "name": "servicesBySvcLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "svc_last_seen", + "table": { + "schema": "public", + "name": "service" + } + } + } + }, + 
{ + "name": "svcgrpFlatsByImportLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "import_last_seen", + "table": { + "schema": "public", + "name": "svcgrp_flat" + } + } + } + }, + { + "name": "svcgrp_flats", + "using": { + "foreign_key_constraint_on": { + "column": "import_created", + "table": { + "schema": "public", + "name": "svcgrp_flat" + } + } + } + }, + { + "name": "svcgrps", + "using": { + "foreign_key_constraint_on": { + "column": "import_created", + "table": { + "schema": "public", + "name": "svcgrp" + } + } + } + }, + { + "name": "svcgrpsByImportLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "import_last_seen", + "table": { + "schema": "public", + "name": "svcgrp" + } + } + } + }, + { + "name": "usergrpFlatsByImportLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "import_last_seen", + "table": { + "schema": "public", + "name": "usergrp_flat" + } + } + } + }, + { + "name": "usergrp_flats", + "using": { + "foreign_key_constraint_on": { + "column": "import_created", + "table": { + "schema": "public", + "name": "usergrp_flat" + } + } + } + }, + { + "name": "usergrps", + "using": { + "foreign_key_constraint_on": { + "column": "import_created", + "table": { + "schema": "public", + "name": "usergrp" + } + } + } + }, + { + "name": "usergrpsByImportLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "import_last_seen", + "table": { + "schema": "public", + "name": "usergrp" + } + } + } + }, + { + "name": "usrs", + "using": { + "foreign_key_constraint_on": { + "column": "user_create", + "table": { + "schema": "public", + "name": "usr" + } + } + } + }, + { + "name": "usrsByUserLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "user_last_seen", + "table": { + "schema": "public", + "name": "usr" + } + } + } + }, + { + "name": "zones", + "using": { + "foreign_key_constraint_on": { + "column": "zone_create", + "table": { + "schema": "public", + "name": "zone" + } + } + } + }, 
+ { + "name": "zonesByZoneLastSeen", + "using": { + "foreign_key_constraint_on": { + "column": "zone_last_seen", + "table": { + "schema": "public", + "name": "zone" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "control_id", + "start_time", + "stop_time", + "is_initial_import", + "delimiter_group", + "delimiter_zone", + "delimiter_user", + "delimiter_list", + "mgm_id", + "last_change_in_config", + "successful_import", + "changes_found", + "import_errors" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "changes_found", + "is_initial_import", + "successful_import", + "mgm_id", + "control_id", + "last_change_in_config", + "start_time", + "stop_time", + "delimiter_group", + "delimiter_list", + "delimiter_user", + "delimiter_zone", + "import_errors" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "changes_found", + "is_initial_import", + "successful_import", + "mgm_id", + "control_id", + "last_change_in_config", + "start_time", + "stop_time", + "delimiter_group", + "delimiter_list", + "delimiter_user", + "delimiter_zone", + "import_errors" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "control_id", + "start_time", + "stop_time", + "is_initial_import", + "delimiter_group", + "delimiter_zone", + "delimiter_user", + "delimiter_list", + "mgm_id", + "last_change_in_config", + "successful_import", + "changes_found", + "import_errors" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "import_object" + }, + "object_relationships": [ + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": 
"control_id" + } + } + ], + "insert_permissions": [ + { + "role": "importer", + "permission": { + "check": {}, + "columns": [ + "obj_id", + "obj_zone", + "obj_name", + "obj_typ", + "obj_member_names", + "obj_member_refs", + "obj_member_excludes", + "obj_sw", + "obj_ip", + "obj_ip_end", + "obj_color", + "obj_comment", + "obj_location", + "control_id", + "obj_uid", + "last_change_admin", + "last_change_time", + "obj_scope" + ], + "backend_only": false + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "import_rule" + }, + "object_relationships": [ + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "control_id" + } + } + ], + "insert_permissions": [ + { + "role": "importer", + "permission": { + "check": {}, + "columns": [ + "control_id", + "rule_id", + "rulebase_name", + "rule_num", + "rule_uid", + "rule_ruleid", + "rule_name", + "rule_sysid", + "rule_disabled", + "rule_src_neg", + "rule_dst_neg", + "rule_svc_neg", + "rule_implied", + "rule_src", + "rule_dst", + "rule_from_zone", + "rule_to_zone", + "rule_svc", + "rule_action", + "rule_track", + "rule_installon", + "rule_time", + "rule_comment", + "rule_head_text", + "last_change_admin", + "last_change_time", + "rule_scope", + "rule_src_refs", + "rule_dst_refs", + "rule_svc_refs" + ], + "backend_only": false + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "import_service" + }, + "object_relationships": [ + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "control_id" + } + } + ], + "insert_permissions": [ + { + "role": "importer", + "permission": { + "check": {}, + "columns": [ + "svc_id", + "control_id", + "svc_typ", + "svc_name", + "svc_comment", + "svc_color", + "ip_proto", + "svc_prod_specific", + "rpc_nr", + "svc_uid", + "svc_port", + "svc_port_end", + "svc_source_port", + "svc_source_port_end", + "svc_timeout_std", + "svc_timeout", + "svc_member_names", + "svc_member_refs", + "last_change_admin", + "last_change_time", + 
"svc_scope" + ] + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "import_user" + }, + "object_relationships": [ + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "control_id" + } + } + ], + "insert_permissions": [ + { + "role": "importer", + "permission": { + "check": {}, + "columns": [ + "user_id", + "control_id", + "user_color", + "user_name", + "user_typ", + "user_comment", + "user_authmethod", + "user_valid_from", + "user_valid_until", + "user_member_names", + "user_member_refs", + "user_uid", + "user_firstname", + "user_lastname", + "src_restrict", + "dst_restrict", + "time_restrict", + "last_change_admin", + "last_change_time", + "user_scope" + ], + "backend_only": false + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "import_zone" + }, + "object_relationships": [ + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "control_id" + } + } + ], + "insert_permissions": [ + { + "role": "importer", + "permission": { + "check": {}, + "columns": ["control_id", "zone_name", "last_change_time"], + "backend_only": false + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "language" + }, + "array_relationships": [ + { + "name": "txts", + "using": { + "foreign_key_constraint_on": { + "column": "language", + "table": { + "schema": "public", + "name": "txt" + } + } + } + }, + { + "name": "uiusers", + "using": { + "foreign_key_constraint_on": { + "column": "uiuser_language", + "table": { + "schema": "public", + "name": "uiuser" + } + } + } + } + ], + "select_permissions": [ + { + "role": "anonymous", + "permission": { + "columns": ["name", "culture_info"], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "auditor", + "permission": { + "columns": ["culture_info", "name"], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "ldap_connection" + }, + "object_relationships": [ + { + "name": "tenant", + "using": { + 
"foreign_key_constraint_on": "tenant_id" + } + } + ], + "array_relationships": [ + { + "name": "uiusers", + "using": { + "foreign_key_constraint_on": { + "column": "ldap_connection_id", + "table": { + "schema": "public", + "name": "uiuser" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "ldap_connection_id", + "ldap_name", + "ldap_pattern_length", + "ldap_port", + "ldap_search_user", + "ldap_search_user_pwd", + "ldap_searchpath_for_groups", + "ldap_searchpath_for_roles", + "ldap_searchpath_for_users", + "ldap_server", + "ldap_tenant_level", + "ldap_tls", + "ldap_type", + "ldap_write_user", + "ldap_write_user_pwd", + "tenant_id" + ], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "ldap_connection_id", + "ldap_name", + "ldap_pattern_length", + "ldap_port", + "ldap_search_user", + "ldap_search_user_pwd", + "ldap_searchpath_for_groups", + "ldap_searchpath_for_roles", + "ldap_searchpath_for_users", + "ldap_server", + "ldap_tenant_level", + "ldap_tls", + "ldap_type", + "ldap_write_user", + "ldap_write_user_pwd", + "tenant_id" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "management" + }, + "object_relationships": [ + { + "name": "stm_dev_typ", + "using": { + "foreign_key_constraint_on": "dev_typ_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ], + "array_relationships": [ + { + "name": "changelog_objects", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "changelog_object" + } + } + } + }, + { + "name": "changelog_rules", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "changelog_rule" + } + } + } + }, + { + "name": "changelog_services", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + 
"name": "changelog_service" + } + } + } + }, + { + "name": "changelog_users", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "changelog_user" + } + } + } + }, + { + "name": "devices", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "device" + } + } + } + }, + { + "name": "import_controls", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "import_control" + } + } + } + }, + { + "name": "objects", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "object" + } + } + } + }, + { + "name": "rule_nwobj_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "rule_nwobj_resolved" + } + } + } + }, + { + "name": "rule_svc_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "rule_svc_resolved" + } + } + } + }, + { + "name": "rule_user_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "rule_user_resolved" + } + } + } + }, + { + "name": "rules", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "rule" + } + } + } + }, + { + "name": "services", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "service" + } + } + } + }, + { + "name": "usrs", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "usr" + } + } + } + }, + { + "name": "zones", + "using": { + "foreign_key_constraint_on": { + "column": "mgm_id", + "table": { + "schema": "public", + "name": "zone" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + 
"permission": { + "columns": [ + "mgm_id", + "dev_typ_id", + "mgm_name", + "mgm_comment", + "tenant_id", + "mgm_create", + "mgm_update", + "ssh_public_key", + "ssh_private_key", + "ssh_hostname", + "ssh_port", + "ssh_user", + "last_import_md5_complete_config", + "last_import_md5_rules", + "last_import_md5_objects", + "last_import_md5_users", + "do_not_import", + "clearing_import_ran", + "force_initial_import", + "config_path", + "hide_in_gui", + "importer_hostname", + "debug_level" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "clearing_import_ran", + "tenant_id", + "config_path", + "dev_typ_id", + "do_not_import", + "force_initial_import", + "hide_in_gui", + "importer_hostname", + "mgm_comment", + "mgm_create", + "mgm_id", + "mgm_name", + "mgm_update" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "clearing_import_ran", + "tenant_id", + "config_path", + "dev_typ_id", + "do_not_import", + "force_initial_import", + "hide_in_gui", + "importer_hostname", + "mgm_comment", + "mgm_create", + "mgm_id", + "mgm_name", + "mgm_update" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "mgm_id", + "dev_typ_id", + "mgm_name", + "mgm_comment", + "tenant_id", + "mgm_create", + "mgm_update", + "ssh_public_key", + "ssh_private_key", + "ssh_hostname", + "ssh_port", + "ssh_user", + "last_import_md5_complete_config", + "last_import_md5_rules", + "last_import_md5_objects", + "last_import_md5_users", + "do_not_import", + "clearing_import_ran", + "force_initial_import", + "config_path", + "hide_in_gui", + "importer_hostname" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": 
"object" + }, + "object_relationships": [ + { + "name": "device", + "using": { + "foreign_key_constraint_on": "obj_nat_install" + } + }, + { + "name": "importControlByObjLastSeen", + "using": { + "foreign_key_constraint_on": "obj_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "obj_create" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "stm_color", + "using": { + "foreign_key_constraint_on": "obj_color_id" + } + }, + { + "name": "stm_nattyp", + "using": { + "foreign_key_constraint_on": "nattyp_id" + } + }, + { + "name": "stm_obj_typ", + "using": { + "foreign_key_constraint_on": "obj_typ_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "last_change_admin" + } + }, + { + "name": "zone", + "using": { + "foreign_key_constraint_on": "zone_id" + } + } + ], + "array_relationships": [ + { + "name": "changelogObjectsByOldObjId", + "using": { + "foreign_key_constraint_on": { + "column": "old_obj_id", + "table": { + "schema": "public", + "name": "changelog_object" + } + } + } + }, + { + "name": "changelog_objects", + "using": { + "foreign_key_constraint_on": { + "column": "new_obj_id", + "table": { + "schema": "public", + "name": "changelog_object" + } + } + } + }, + { + "name": "objgrpFlatsByObjgrpFlatMemberId", + "using": { + "foreign_key_constraint_on": { + "column": "objgrp_flat_member_id", + "table": { + "schema": "public", + "name": "objgrp_flat" + } + } + } + }, + { + "name": "objgrp_flats", + "using": { + "foreign_key_constraint_on": { + "column": "objgrp_flat_id", + "table": { + "schema": "public", + "name": "objgrp_flat" + } + } + } + }, + { + "name": "objgrps", + "using": { + "foreign_key_constraint_on": { + "column": "objgrp_id", + "table": { + "schema": "public", + "name": "objgrp" + } + } + } + }, + { + "name": "objgrpsByObjgrpMemberId", + "using": { + "foreign_key_constraint_on": { + "column": "objgrp_member_id", + 
"table": { + "schema": "public", + "name": "objgrp" + } + } + } + }, + { + "name": "rule_froms", + "using": { + "foreign_key_constraint_on": { + "column": "obj_id", + "table": { + "schema": "public", + "name": "rule_from" + } + } + } + }, + { + "name": "rule_nwobj_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "obj_id", + "table": { + "schema": "public", + "name": "rule_nwobj_resolved" + } + } + } + }, + { + "name": "rule_tos", + "using": { + "foreign_key_constraint_on": { + "column": "obj_id", + "table": { + "schema": "public", + "name": "rule_to" + } + } + } + }, + { + "name": "tenant_objects", + "using": { + "foreign_key_constraint_on": { + "column": "obj_id", + "table": { + "schema": "public", + "name": "tenant_object" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "obj_id", + "last_change_admin", + "zone_id", + "mgm_id", + "obj_name", + "obj_comment", + "obj_uid", + "obj_typ_id", + "obj_location", + "obj_member_names", + "obj_member_refs", + "initial_config", + "obj_sw", + "obj_ip", + "obj_ip_end", + "obj_nat", + "nattyp_id", + "obj_nat_ip", + "obj_nat_ip_end", + "obj_nat_install", + "obj_color_id", + "obj_sys_name", + "obj_sys_location", + "obj_sys_contact", + "obj_sys_desc", + "obj_sys_readcom", + "obj_sys_writecom", + "active", + "obj_create", + "obj_last_seen" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "obj_id", + "last_change_admin", + "zone_id", + "mgm_id", + "obj_name", + "obj_comment", + "obj_uid", + "obj_typ_id", + "obj_location", + "obj_member_names", + "obj_member_refs", + "initial_config", + "obj_sw", + "obj_ip", + "obj_ip_end", + "obj_nat", + "nattyp_id", + "obj_nat_ip", + "obj_nat_ip_end", + "obj_nat_install", + "obj_color_id", + "obj_sys_name", + "obj_sys_location", + "obj_sys_contact", + "obj_sys_desc", + "obj_sys_readcom", + "obj_sys_writecom", + "active", + "obj_create", + 
"obj_last_seen" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "obj_id", + "last_change_admin", + "zone_id", + "mgm_id", + "obj_name", + "obj_comment", + "obj_uid", + "obj_typ_id", + "obj_location", + "obj_member_names", + "obj_member_refs", + "initial_config", + "obj_sw", + "obj_ip", + "obj_ip_end", + "obj_nat", + "nattyp_id", + "obj_nat_ip", + "obj_nat_ip_end", + "obj_nat_install", + "obj_color_id", + "obj_sys_name", + "obj_sys_location", + "obj_sys_contact", + "obj_sys_desc", + "obj_sys_readcom", + "obj_sys_writecom", + "active", + "obj_create", + "obj_last_seen" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "obj_id", + "last_change_admin", + "zone_id", + "mgm_id", + "obj_name", + "obj_comment", + "obj_uid", + "obj_typ_id", + "obj_location", + "obj_member_names", + "obj_member_refs", + "initial_config", + "obj_sw", + "obj_ip", + "obj_ip_end", + "obj_nat", + "nattyp_id", + "obj_nat_ip", + "obj_nat_ip_end", + "obj_nat_install", + "obj_color_id", + "obj_sys_name", + "obj_sys_location", + "obj_sys_contact", + "obj_sys_desc", + "obj_sys_readcom", + "obj_sys_writecom", + "active", + "obj_create", + "obj_last_seen" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "objgrp" + }, + "object_relationships": [ + { + "name": "importControlByImportLastSeen", + "using": { + "foreign_key_constraint_on": "import_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "import_created" + } + }, + { + "name": "object", + "using": { + "foreign_key_constraint_on": "objgrp_id" + } + }, + { + "name": "objectByObjgrpMemberId", + "using": { + "foreign_key_constraint_on": "objgrp_member_id" + } + } + ], + 
"select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "objgrp_id", + "objgrp_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "objgrp_id", + "objgrp_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "objgrp_id", + "objgrp_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "objgrp_id", + "objgrp_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "objgrp_flat" + }, + "object_relationships": [ + { + "name": "importControlByImportLastSeen", + "using": { + "foreign_key_constraint_on": "import_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "import_created" + } + }, + { + "name": "object", + "using": { + "foreign_key_constraint_on": "objgrp_flat_id" + } + }, + { + "name": "objectByObjgrpFlatMemberId", + "using": { + "foreign_key_constraint_on": "objgrp_flat_member_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "objgrp_flat_id", + "objgrp_flat_member_id", + "active", + "import_created", + "import_last_seen", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "objgrp_flat_id", + "objgrp_flat_member_id", + "active", + "import_created", + "import_last_seen", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + 
"objgrp_flat_id", + "objgrp_flat_member_id", + "active", + "import_created", + "import_last_seen", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "objgrp_flat_id", + "objgrp_flat_member_id", + "active", + "import_created", + "import_last_seen", + "negated" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "parent_rule_type" + }, + "array_relationships": [ + { + "name": "rules", + "using": { + "foreign_key_constraint_on": { + "column": "parent_rule_type", + "table": { + "schema": "public", + "name": "rule" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": ["id", "name"], + "filter": {} + } + }, + { + "role": "importer", + "permission": { + "columns": ["id", "name"], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": ["id", "name"], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": ["id", "name"], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": ["id", "name"], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "report" + }, + "object_relationships": [ + { + "name": "report_template", + "using": { + "foreign_key_constraint_on": "report_template_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_wide_visible" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "report_owner_id" + } + } + ], + "insert_permissions": [ + { + "role": "auditor", + "permission": { + "check": {}, + "columns": [ + "report_id", + "report_template_id", + "report_start_time", + "report_end_time", + "report_json", + "report_pdf", + "report_csv", + "report_html", + "report_name", + "report_owner_id", + "tenant_wide_visible" + ], + 
"backend_only": false + } + }, + { + "role": "middleware-server", + "permission": { + "check": {}, + "columns": [ + "report_id", + "report_template_id", + "report_start_time", + "report_end_time", + "report_json", + "report_pdf", + "report_csv", + "report_html", + "report_name", + "report_owner_id", + "tenant_wide_visible" + ], + "backend_only": false + } + }, + { + "role": "recertifier", + "permission": { + "check": {}, + "columns": [ + "report_id", + "report_template_id", + "report_start_time", + "report_end_time", + "report_json", + "report_pdf", + "report_csv", + "report_html", + "report_name", + "report_owner_id", + "tenant_wide_visible" + ], + "backend_only": false + } + }, + { + "role": "reporter", + "permission": { + "check": {}, + "columns": [ + "report_id", + "report_template_id", + "report_start_time", + "report_end_time", + "report_json", + "report_pdf", + "report_csv", + "report_html", + "report_name", + "report_owner_id", + "tenant_wide_visible" + ], + "backend_only": false + } + }, + { + "role": "reporter-viewall", + "permission": { + "check": {}, + "columns": [ + "report_id", + "report_template_id", + "report_start_time", + "report_end_time", + "report_json", + "report_pdf", + "report_csv", + "report_html", + "report_name", + "report_owner_id", + "tenant_wide_visible" + ], + "backend_only": false + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "report_id", + "report_template_id", + "report_start_time", + "report_end_time", + "report_json", + "report_pdf", + "report_csv", + "report_html", + "report_name", + "report_owner_id", + "tenant_wide_visible" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "report_pdf", + "report_owner_id", + "report_template_id", + "tenant_wide_visible", + "report_id", + "report_json", + "report_csv", + "report_html", + "report_end_time", + "report_start_time", + "report_name" + ], + "filter": { + "report_owner_id": { + "_eq": 
"X-Hasura-User-Id" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "report_pdf", + "report_owner_id", + "report_template_id", + "tenant_wide_visible", + "report_id", + "report_json", + "report_csv", + "report_html", + "report_end_time", + "report_start_time", + "report_name" + ], + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "report_pdf", + "report_owner_id", + "report_template_id", + "tenant_wide_visible", + "report_id", + "report_json", + "report_csv", + "report_html", + "report_end_time", + "report_start_time", + "report_name" + ], + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + }, + "allow_aggregations": true + } + } + ], + "update_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "report_owner_id", + "report_template_id", + "tenant_wide_visible", + "report_id", + "report_json", + "report_csv", + "report_html", + "report_pdf", + "report_end_time", + "report_start_time", + "report_name" + ], + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "report_pdf", + "report_owner_id", + "report_template_id", + "tenant_wide_visible", + "report_id", + "report_json", + "report_csv", + "report_html", + "report_end_time", + "report_start_time", + "report_name" + ], + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "report_pdf", + "report_owner_id", + "report_template_id", + "tenant_wide_visible", + "report_id", + "report_json", + "report_csv", + "report_html", + "report_end_time", + "report_start_time", + "report_name" + ], + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + 
}, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "report_pdf", + "report_owner_id", + "report_template_id", + "tenant_wide_visible", + "report_id", + "report_json", + "report_csv", + "report_html", + "report_end_time", + "report_start_time", + "report_name" + ], + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + } + ], + "delete_permissions": [ + { + "role": "auditor", + "permission": { + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "recertifier", + "permission": { + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "reporter", + "permission": { + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "reporter-viewall", + "permission": { + "filter": { + "report_owner_id": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "report_format" + }, + "array_relationships": [ + { + "name": "report_schedule_formats", + "using": { + "foreign_key_constraint_on": { + "column": "report_schedule_format_name", + "table": { + "schema": "public", + "name": "report_schedule_format" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": ["report_format_name"], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": ["report_format_name"], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": ["report_format_name"], + "filter": {} + } + }, + { + "role": "reporter", + "permission": { + "columns": ["report_format_name"], + "filter": {} + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": ["report_format_name"], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "report_schedule" + }, + "object_relationships": [ + { + "name": "report_template", + "using": { + 
"foreign_key_constraint_on": "report_template_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "report_schedule_owner" + } + } + ], + "array_relationships": [ + { + "name": "report_schedule_formats", + "using": { + "foreign_key_constraint_on": { + "column": "report_schedule_id", + "table": { + "schema": "public", + "name": "report_schedule_format" + } + } + } + } + ], + "insert_permissions": [ + { + "role": "auditor", + "permission": { + "check": {}, + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_start_time", + "report_template_id" + ], + "backend_only": false + } + }, + { + "role": "recertifier", + "permission": { + "check": {}, + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_template_id" + ], + "backend_only": false + } + }, + { + "role": "reporter", + "permission": { + "check": {}, + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_template_id" + ], + "backend_only": false + } + }, + { + "role": "reporter-viewall", + "permission": { + "check": {}, + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_template_id" + ], + "backend_only": false + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "report_schedule_id", + "report_schedule_name", + 
"report_template_id", + "report_schedule_owner", + "report_schedule_start_time", + "report_schedule_repeat", + "report_schedule_every", + "report_schedule_active", + "report_schedule_repetitions" + ], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "report_schedule_id", + "report_schedule_name", + "report_template_id", + "report_schedule_owner", + "report_schedule_start_time", + "report_schedule_repeat", + "report_schedule_every", + "report_schedule_active", + "report_schedule_repetitions" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_template_id" + ], + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_template_id" + ], + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_template_id" + ], + "filter": { + "_or": [ + { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + { + "_exists": { + "_where": { + "uiuser_id": { + "_eq": "X-Hasura-User-Id" + } + }, + "_table": { + "schema": "public", + "name": "report_template_viewable_by_user" + } + } + }, 
+ { + "_exists": { + "_where": { + "tenant_id": { + "_eq": "X-Hasura-Tenant-Id" + } + }, + "_table": { + "schema": "public", + "name": "report_template_viewable_by_tenant" + } + } + } + ] + } + } + } + ], + "update_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_start_time", + "report_template_id" + ], + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_template_id" + ], + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_template_id" + ], + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "report_schedule_active", + "report_schedule_every", + "report_schedule_id", + "report_schedule_name", + "report_schedule_owner", + "report_schedule_repeat", + "report_schedule_repetitions", + "report_schedule_start_time", + "report_template_id" + ], + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + } + ], + "delete_permissions": [ + { + "role": "auditor", + "permission": { + "filter": { + "report_schedule_owner": { + 
"_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "recertifier", + "permission": { + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "reporter", + "permission": { + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "reporter-viewall", + "permission": { + "filter": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "report_schedule_format" + }, + "object_relationships": [ + { + "name": "report_format", + "using": { + "foreign_key_constraint_on": "report_schedule_format_name" + } + }, + { + "name": "report_schedule", + "using": { + "foreign_key_constraint_on": "report_schedule_id" + } + } + ], + "insert_permissions": [ + { + "role": "auditor", + "permission": { + "check": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + }, + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "backend_only": false + } + }, + { + "role": "recertifier", + "permission": { + "check": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + }, + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "backend_only": false + } + }, + { + "role": "reporter", + "permission": { + "check": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + }, + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "backend_only": false + } + }, + { + "role": "reporter-viewall", + "permission": { + "check": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + }, + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "backend_only": false + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "report_schedule_format_name", + 
"report_schedule_id" + ], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + } + ], + "update_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "report_schedule_id", + "report_schedule_format_name" + ], + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + }, + "check": null + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + }, + "check": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "report_schedule_format_name", + "report_schedule_id" + ], + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + }, + "check": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "report_schedule_format_name", + 
"report_schedule_id" + ], + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + }, + "check": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + } + ], + "delete_permissions": [ + { + "role": "auditor", + "permission": { + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + }, + { + "role": "recertifier", + "permission": { + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + }, + { + "role": "reporter", + "permission": { + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + }, + { + "role": "reporter-viewall", + "permission": { + "filter": { + "report_schedule": { + "report_schedule_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "report_template" + }, + "object_relationships": [ + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "report_template_owner" + } + } + ], + "array_relationships": [ + { + "name": "report_schedules", + "using": { + "foreign_key_constraint_on": { + "column": "report_template_id", + "table": { + "schema": "public", + "name": "report_schedule" + } + } + } + }, + { + "name": "report_template_viewable_by_tenants", + "using": { + "foreign_key_constraint_on": { + "column": "report_template_id", + "table": { + "schema": "public", + "name": "report_template_viewable_by_tenant" + } + } + } + }, + { + "name": "report_template_viewable_by_users", + "using": { + "foreign_key_constraint_on": { + "column": "report_template_id", + "table": { + "schema": "public", + "name": "report_template_viewable_by_user" + } + } + } + }, + { + "name": "reports", + "using": { + "foreign_key_constraint_on": { + "column": "report_template_id", + "table": { + "schema": "public", + "name": "report" + } + } + } + } + ], + 
"insert_permissions": [ + { + "role": "auditor", + "permission": { + "check": {}, + "columns": [ + "report_template_id", + "report_filter", + "report_template_name", + "report_template_comment", + "report_template_create", + "report_template_owner", + "filterline_history" + ], + "backend_only": false + } + }, + { + "role": "recertifier", + "permission": { + "check": {}, + "columns": [ + "report_template_id", + "report_filter", + "report_template_name", + "report_template_comment", + "report_template_create", + "report_template_owner", + "filterline_history" + ], + "backend_only": false + } + }, + { + "role": "reporter", + "permission": { + "check": {}, + "columns": [ + "report_template_id", + "report_filter", + "report_template_name", + "report_template_comment", + "report_template_create", + "report_template_owner", + "filterline_history" + ], + "backend_only": false + } + }, + { + "role": "reporter-viewall", + "permission": { + "check": {}, + "columns": [ + "report_template_id", + "report_filter", + "report_template_name", + "report_template_comment", + "report_template_create", + "report_template_owner", + "filterline_history" + ], + "backend_only": false + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "report_template_id", + "report_filter", + "report_template_name", + "report_template_comment", + "report_template_create", + "report_template_owner", + "filterline_history" + ], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "report_template_id", + "report_filter", + "report_template_name", + "report_template_comment", + "report_template_create", + "report_template_owner", + "filterline_history" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "filterline_history", + "report_template_id", + "report_template_owner", + "report_template_comment", + "report_template_create", + "report_filter", + 
"report_template_name" + ], + "filter": { + "_or": [ + { + "report_template_owner": { + "_eq": 0 + } + }, + { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + } + ] + } + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "filterline_history", + "report_template_id", + "report_template_owner", + "report_template_comment", + "report_template_create", + "report_filter", + "report_template_name" + ], + "filter": { + "_or": [ + { + "report_template_owner": { + "_eq": 0 + } + }, + { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + } + ] + } + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "filterline_history", + "report_template_id", + "report_template_owner", + "report_template_comment", + "report_template_create", + "report_filter", + "report_template_name" + ], + "filter": { + "_or": [ + { + "report_template_owner": { + "_eq": 0 + } + }, + { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + } + ] + } + } + } + ], + "update_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "filterline_history", + "report_template_id", + "report_template_owner", + "report_template_comment", + "report_template_create", + "report_filter", + "report_template_name" + ], + "filter": { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "filterline_history", + "report_template_id", + "report_template_owner", + "report_template_comment", + "report_template_create", + "report_filter", + "report_template_name" + ], + "filter": { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "filterline_history", + "report_template_id", + "report_template_owner", + "report_template_comment", + "report_template_create", + "report_filter", + "report_template_name" + ], + "filter": { + 
"report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "filterline_history", + "report_template_id", + "report_template_owner", + "report_template_comment", + "report_template_create", + "report_filter", + "report_template_name" + ], + "filter": { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + }, + "check": null + } + } + ], + "delete_permissions": [ + { + "role": "auditor", + "permission": { + "filter": { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "recertifier", + "permission": { + "filter": { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "reporter", + "permission": { + "filter": { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + }, + { + "role": "reporter-viewall", + "permission": { + "filter": { + "report_template_owner": { + "_eq": "X-Hasura-User-Id" + } + } + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "report_template_viewable_by_tenant" + }, + "object_relationships": [ + { + "name": "report_template", + "using": { + "foreign_key_constraint_on": "report_template_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "report_template_viewable_by_user" + }, + "object_relationships": [ + { + "name": "report_template", + "using": { + "foreign_key_constraint_on": "report_template_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "uiuser_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "request" + }, + "object_relationships": [ + { + "name": "request_type", + "using": { + "foreign_key_constraint_on": "request_type_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ], + "array_relationships": [ + { + "name": 
"request_object_changes", + "using": { + "foreign_key_constraint_on": { + "column": "request_id", + "table": { + "schema": "public", + "name": "request_object_change" + } + } + } + }, + { + "name": "request_rule_changes", + "using": { + "foreign_key_constraint_on": { + "column": "request_id", + "table": { + "schema": "public", + "name": "request_rule_change" + } + } + } + }, + { + "name": "request_service_changes", + "using": { + "foreign_key_constraint_on": { + "column": "request_id", + "table": { + "schema": "public", + "name": "request_service_change" + } + } + } + }, + { + "name": "request_user_changes", + "using": { + "foreign_key_constraint_on": { + "column": "request_id", + "table": { + "schema": "public", + "name": "request_user_change" + } + } + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "request_object_change" + }, + "object_relationships": [ + { + "name": "changelog_object", + "using": { + "foreign_key_constraint_on": "log_obj_id" + } + }, + { + "name": "request", + "using": { + "foreign_key_constraint_on": "request_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "request_rule_change" + }, + "object_relationships": [ + { + "name": "changelog_rule", + "using": { + "foreign_key_constraint_on": "log_rule_id" + } + }, + { + "name": "request", + "using": { + "foreign_key_constraint_on": "request_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "request_service_change" + }, + "object_relationships": [ + { + "name": "changelog_service", + "using": { + "foreign_key_constraint_on": "log_svc_id" + } + }, + { + "name": "request", + "using": { + "foreign_key_constraint_on": "request_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "request_type" + }, + "array_relationships": [ + { + "name": "requests", + "using": { + "foreign_key_constraint_on": { + "column": "request_type_id", + "table": { + "schema": "public", + "name": "request" + } + } + } + } + ] + }, + { + "table": { + 
"schema": "public", + "name": "request_user_change" + }, + "object_relationships": [ + { + "name": "changelog_user", + "using": { + "foreign_key_constraint_on": "log_usr_id" + } + }, + { + "name": "request", + "using": { + "foreign_key_constraint_on": "request_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "rule" + }, + "object_relationships": [ + { + "name": "device", + "using": { + "foreign_key_constraint_on": "dev_id" + } + }, + { + "name": "importControlByRuleLastSeen", + "using": { + "foreign_key_constraint_on": "rule_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "rule_create" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "parentRuleTypeByParentRuleType", + "using": { + "foreign_key_constraint_on": "parent_rule_type" + } + }, + { + "name": "rule", + "using": { + "foreign_key_constraint_on": "parent_rule_id" + } + }, + { + "name": "rule_metadatum", + "using": { + "manual_configuration": { + "remote_table": { + "schema": "public", + "name": "rule_metadata" + }, + "insertion_order": null, + "column_mapping": { + "dev_id": "dev_id", + "rule_uid": "rule_uid" + } + } + } + }, + { + "name": "stm_action", + "using": { + "foreign_key_constraint_on": "action_id" + } + }, + { + "name": "stm_track", + "using": { + "foreign_key_constraint_on": "track_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "last_change_admin" + } + }, + { + "name": "zone", + "using": { + "foreign_key_constraint_on": "rule_from_zone" + } + }, + { + "name": "zoneByRuleToZone", + "using": { + "foreign_key_constraint_on": "rule_to_zone" + } + } + ], + "array_relationships": [ + { + "name": "changelogRulesByOldRuleId", + "using": { + "foreign_key_constraint_on": { + "column": "old_rule_id", + "table": { + "schema": "public", + "name": "changelog_rule" + } + } + } + }, + { + "name": "changelog_rules", + "using": { + 
"foreign_key_constraint_on": { + "column": "new_rule_id", + "table": { + "schema": "public", + "name": "changelog_rule" + } + } + } + }, + { + "name": "rule_froms", + "using": { + "foreign_key_constraint_on": { + "column": "rule_id", + "table": { + "schema": "public", + "name": "rule_from" + } + } + } + }, + { + "name": "rule_nwobj_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "rule_id", + "table": { + "schema": "public", + "name": "rule_nwobj_resolved" + } + } + } + }, + { + "name": "rule_services", + "using": { + "foreign_key_constraint_on": { + "column": "rule_id", + "table": { + "schema": "public", + "name": "rule_service" + } + } + } + }, + { + "name": "rule_svc_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "rule_id", + "table": { + "schema": "public", + "name": "rule_svc_resolved" + } + } + } + }, + { + "name": "rule_tos", + "using": { + "foreign_key_constraint_on": { + "column": "rule_id", + "table": { + "schema": "public", + "name": "rule_to" + } + } + } + }, + { + "name": "rule_user_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "rule_id", + "table": { + "schema": "public", + "name": "rule_user_resolved" + } + } + } + }, + { + "name": "rules", + "using": { + "foreign_key_constraint_on": { + "column": "parent_rule_id", + "table": { + "schema": "public", + "name": "rule" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "action_id", + "active", + "dev_id", + "last_change_admin", + "mgm_id", + "parent_rule_id", + "parent_rule_type", + "rule_action", + "rule_comment", + "rule_create", + "rule_disabled", + "rule_dst", + "rule_dst_neg", + "rule_dst_refs", + "rule_from_zone", + "rule_head_text", + "rule_id", + "rule_implied", + "rule_installon", + "rule_last_seen", + "rule_name", + "rule_num", + "rule_num_numeric", + "rule_ruleid", + "rule_src", + "rule_src_neg", + "rule_src_refs", + "rule_svc", + "rule_svc_neg", + "rule_svc_refs", + 
"rule_time", + "rule_to_zone", + "rule_track", + "rule_uid", + "track_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "action_id", + "active", + "dev_id", + "last_change_admin", + "mgm_id", + "parent_rule_id", + "parent_rule_type", + "rule_action", + "rule_comment", + "rule_create", + "rule_disabled", + "rule_dst", + "rule_dst_neg", + "rule_dst_refs", + "rule_from_zone", + "rule_head_text", + "rule_id", + "rule_implied", + "rule_installon", + "rule_last_seen", + "rule_name", + "rule_num", + "rule_num_numeric", + "rule_ruleid", + "rule_src", + "rule_src_neg", + "rule_src_refs", + "rule_svc", + "rule_svc_neg", + "rule_svc_refs", + "rule_time", + "rule_to_zone", + "rule_track", + "rule_uid", + "track_id" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "action_id", + "active", + "dev_id", + "last_change_admin", + "mgm_id", + "parent_rule_id", + "parent_rule_type", + "rule_action", + "rule_comment", + "rule_create", + "rule_disabled", + "rule_dst", + "rule_dst_neg", + "rule_dst_refs", + "rule_from_zone", + "rule_head_text", + "rule_id", + "rule_implied", + "rule_installon", + "rule_last_seen", + "rule_name", + "rule_num", + "rule_num_numeric", + "rule_ruleid", + "rule_src", + "rule_src_neg", + "rule_src_refs", + "rule_svc", + "rule_svc_neg", + "rule_svc_refs", + "rule_time", + "rule_to_zone", + "rule_track", + "rule_uid", + "track_id" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "action_id", + "active", + "dev_id", + "last_change_admin", + "mgm_id", + "parent_rule_id", + "parent_rule_type", + "rule_action", + "rule_comment", + "rule_create", + "rule_disabled", + "rule_dst", + "rule_dst_neg", + "rule_dst_refs", + 
"rule_from_zone", + "rule_head_text", + "rule_id", + "rule_implied", + "rule_installon", + "rule_last_seen", + "rule_name", + "rule_num", + "rule_num_numeric", + "rule_ruleid", + "rule_src", + "rule_src_neg", + "rule_src_refs", + "rule_svc", + "rule_svc_neg", + "rule_svc_refs", + "rule_time", + "rule_to_zone", + "rule_track", + "rule_uid", + "track_id" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "rule_from" + }, + "object_relationships": [ + { + "name": "importControlByRfLastSeen", + "using": { + "foreign_key_constraint_on": "rf_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "rf_create" + } + }, + { + "name": "object", + "using": { + "foreign_key_constraint_on": "obj_id" + } + }, + { + "name": "rule", + "using": { + "foreign_key_constraint_on": "rule_id" + } + }, + { + "name": "usr", + "using": { + "foreign_key_constraint_on": "user_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "rule_from_id", + "rf_create", + "rf_last_seen", + "rule_id", + "obj_id", + "user_id", + "active", + "negated" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "rule_from_id", + "rf_create", + "rf_last_seen", + "rule_id", + "obj_id", + "user_id", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "rule_from_id", + "rf_create", + "rf_last_seen", + "rule_id", + "obj_id", + "user_id", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "rule_from_id", + "rf_create", + "rf_last_seen", + "rule_id", + "obj_id", + "user_id", + "active", + "negated" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "rule_metadata" + }, + "object_relationships": [ + { + 
"name": "device", + "using": { + "foreign_key_constraint_on": "dev_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "rule_owner" + } + }, + { + "name": "uiuserByRuleLastCertifier", + "using": { + "foreign_key_constraint_on": "rule_last_certifier" + } + } + ], + "array_relationships": [ + { + "name": "rule_reviews", + "using": { + "foreign_key_constraint_on": { + "column": "rule_metadata_id", + "table": { + "schema": "public", + "name": "rule_review" + } + } + } + }, + { + "name": "rules", + "using": { + "manual_configuration": { + "remote_table": { + "schema": "public", + "name": "rule" + }, + "insertion_order": null, + "column_mapping": { + "dev_id": "dev_id", + "rule_uid": "rule_uid" + } + } + } + } + ], + "insert_permissions": [ + { + "role": "importer", + "permission": { + "check": {}, + "columns": [ + "rule_to_be_removed", + "dev_id", + "last_change_admin", + "rule_last_certifier", + "rule_owner", + "rule_hit_counter", + "rule_metadata_id", + "rule_uid", + "rule_created", + "rule_decert_date", + "rule_first_hit", + "rule_last_certified", + "rule_last_hit", + "rule_last_modified", + "rule_last_certifier_dn", + "rule_owner_dn", + "rule_recertification_comment" + ], + "backend_only": false + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "rule_metadata_id", + "dev_id", + "rule_uid", + "rule_created", + "rule_last_modified", + "rule_first_hit", + "rule_last_hit", + "rule_hit_counter", + "rule_last_certified", + "rule_last_certifier", + "rule_last_certifier_dn", + "rule_owner", + "rule_owner_dn", + "rule_to_be_removed", + "last_change_admin", + "rule_decert_date", + "rule_recertification_comment" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "importer", + "permission": { + "columns": [ + "rule_to_be_removed", + "dev_id", + "last_change_admin", + "rule_last_certifier", + "rule_owner", + "rule_hit_counter", + "rule_metadata_id", + "rule_uid", + "rule_created", 
+ "rule_decert_date", + "rule_first_hit", + "rule_last_certified", + "rule_last_hit", + "rule_last_modified", + "rule_last_certifier_dn", + "rule_owner_dn", + "rule_recertification_comment" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "rule_to_be_removed", + "dev_id", + "last_change_admin", + "rule_last_certifier", + "rule_owner", + "rule_hit_counter", + "rule_metadata_id", + "rule_uid", + "rule_created", + "rule_decert_date", + "rule_first_hit", + "rule_last_certified", + "rule_last_hit", + "rule_last_modified", + "rule_last_certifier_dn", + "rule_owner_dn", + "rule_recertification_comment" + ], + "filter": {} + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "rule_metadata_id", + "dev_id", + "rule_uid", + "rule_created", + "rule_last_modified", + "rule_first_hit", + "rule_last_hit", + "rule_hit_counter", + "rule_last_certified", + "rule_last_certifier", + "rule_last_certifier_dn", + "rule_owner", + "rule_owner_dn", + "rule_to_be_removed", + "last_change_admin", + "rule_decert_date", + "rule_recertification_comment" + ], + "filter": { + "dev_id": { + "_in": "x-hasura-visible-devices" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "rule_to_be_removed", + "dev_id", + "last_change_admin", + "rule_last_certifier", + "rule_owner", + "rule_hit_counter", + "rule_metadata_id", + "rule_uid", + "rule_created", + "rule_decert_date", + "rule_first_hit", + "rule_last_certified", + "rule_last_hit", + "rule_last_modified", + "rule_last_certifier_dn", + "rule_owner_dn", + "rule_recertification_comment" + ], + "filter": {}, + "allow_aggregations": true + } + } + ], + "update_permissions": [ + { + "role": "importer", + "permission": { + "columns": [ + "rule_to_be_removed", + "dev_id", + "last_change_admin", + "rule_last_certifier", + "rule_owner", + "rule_hit_counter", + "rule_metadata_id", + "rule_uid", + 
"rule_created", + "rule_decert_date", + "rule_first_hit", + "rule_last_certified", + "rule_last_hit", + "rule_last_modified", + "rule_last_certifier_dn", + "rule_owner_dn", + "rule_recertification_comment" + ], + "filter": {}, + "check": null + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "rule_decert_date", + "rule_last_certified", + "rule_last_certifier", + "rule_last_certifier_dn", + "rule_recertification_comment", + "rule_to_be_removed" + ], + "filter": {}, + "check": {} + } + } + ], + "delete_permissions": [ + { + "role": "importer", + "permission": { + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "rule_nwobj_resolved" + }, + "object_relationships": [ + { + "name": "importControlByCreated", + "using": { + "foreign_key_constraint_on": "created" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "removed" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "object", + "using": { + "foreign_key_constraint_on": "obj_id" + } + }, + { + "name": "rule", + "using": { + "foreign_key_constraint_on": "rule_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "created", + "mgm_id", + "obj_id", + "removed", + "rule_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "created", + "mgm_id", + "obj_id", + "removed", + "rule_id" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "created", + "mgm_id", + "obj_id", + "removed", + "rule_id" + ], + "filter": { + "mgm_id": { + "_in": "X-Hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "created", + "mgm_id", + "obj_id", + "removed", + 
"rule_id" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "rule_review" + }, + "object_relationships": [ + { + "name": "rule_metadatum", + "using": { + "foreign_key_constraint_on": "rule_metadata_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "rule_service" + }, + "object_relationships": [ + { + "name": "importControlByRsLastSeen", + "using": { + "foreign_key_constraint_on": "rs_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "rs_create" + } + }, + { + "name": "rule", + "using": { + "foreign_key_constraint_on": "rule_id" + } + }, + { + "name": "service", + "using": { + "foreign_key_constraint_on": "svc_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "rule_id", + "svc_id", + "active", + "rs_create", + "rs_last_seen", + "negated" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "rule_id", + "svc_id", + "active", + "rs_create", + "rs_last_seen", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "rule_id", + "svc_id", + "active", + "rs_create", + "rs_last_seen", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "rule_id", + "svc_id", + "active", + "rs_create", + "rs_last_seen", + "negated" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "rule_svc_resolved" + }, + "object_relationships": [ + { + "name": "importControlByCreated", + "using": { + "foreign_key_constraint_on": "created" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "removed" + } + }, + { + "name": "management", + "using": { + 
"foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "rule", + "using": { + "foreign_key_constraint_on": "rule_id" + } + }, + { + "name": "service", + "using": { + "foreign_key_constraint_on": "svc_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "mgm_id", + "created", + "removed", + "rule_id", + "svc_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "mgm_id", + "rule_id", + "svc_id", + "created", + "removed" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "mgm_id", + "created", + "removed", + "rule_id", + "svc_id" + ], + "filter": { + "mgm_id": { + "_in": "X-Hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "mgm_id", + "created", + "removed", + "rule_id", + "svc_id" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "rule_to" + }, + "object_relationships": [ + { + "name": "importControlByRtLastSeen", + "using": { + "foreign_key_constraint_on": "rt_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "rt_create" + } + }, + { + "name": "object", + "using": { + "foreign_key_constraint_on": "obj_id" + } + }, + { + "name": "rule", + "using": { + "foreign_key_constraint_on": "rule_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "rule_id", + "obj_id", + "rt_create", + "rt_last_seen", + "active", + "negated" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "rule_id", + "obj_id", + "rt_create", + "rt_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": 
"reporter", + "permission": { + "columns": [ + "rule_id", + "obj_id", + "rt_create", + "rt_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "rule_id", + "obj_id", + "rt_create", + "rt_last_seen", + "active", + "negated" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "rule_user_resolved" + }, + "object_relationships": [ + { + "name": "importControlByCreated", + "using": { + "foreign_key_constraint_on": "created" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "removed" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "rule", + "using": { + "foreign_key_constraint_on": "rule_id" + } + }, + { + "name": "usr", + "using": { + "foreign_key_constraint_on": "user_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "mgm_id", + "rule_id", + "user_id", + "created", + "removed" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "mgm_id", + "created", + "removed", + "rule_id", + "user_id" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [], + "filter": { + "mgm_id": { + "_in": "X-Hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "mgm_id", + "created", + "removed", + "rule_id", + "user_id" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "service" + }, + "object_relationships": [ + { + "name": "importControlBySvcLastSeen", + "using": { + "foreign_key_constraint_on": "svc_last_seen" + } + }, + { + "name": "import_control", + 
"using": { + "foreign_key_constraint_on": "svc_create" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "stm_color", + "using": { + "foreign_key_constraint_on": "svc_color_id" + } + }, + { + "name": "stm_ip_proto", + "using": { + "foreign_key_constraint_on": "ip_proto_id" + } + }, + { + "name": "stm_svc_typ", + "using": { + "foreign_key_constraint_on": "svc_typ_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "last_change_admin" + } + } + ], + "array_relationships": [ + { + "name": "changelogServicesByOldSvcId", + "using": { + "foreign_key_constraint_on": { + "column": "old_svc_id", + "table": { + "schema": "public", + "name": "changelog_service" + } + } + } + }, + { + "name": "changelog_services", + "using": { + "foreign_key_constraint_on": { + "column": "new_svc_id", + "table": { + "schema": "public", + "name": "changelog_service" + } + } + } + }, + { + "name": "rule_services", + "using": { + "foreign_key_constraint_on": { + "column": "svc_id", + "table": { + "schema": "public", + "name": "rule_service" + } + } + } + }, + { + "name": "rule_svc_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "svc_id", + "table": { + "schema": "public", + "name": "rule_svc_resolved" + } + } + } + }, + { + "name": "svcgrpFlatsBySvcgrpFlatMemberId", + "using": { + "foreign_key_constraint_on": { + "column": "svcgrp_flat_member_id", + "table": { + "schema": "public", + "name": "svcgrp_flat" + } + } + } + }, + { + "name": "svcgrp_flats", + "using": { + "foreign_key_constraint_on": { + "column": "svcgrp_flat_id", + "table": { + "schema": "public", + "name": "svcgrp_flat" + } + } + } + }, + { + "name": "svcgrps", + "using": { + "foreign_key_constraint_on": { + "column": "svcgrp_id", + "table": { + "schema": "public", + "name": "svcgrp" + } + } + } + }, + { + "name": "svcgrpsBySvcgrpMemberId", + "using": { + "foreign_key_constraint_on": { + "column": "svcgrp_member_id", + 
"table": { + "schema": "public", + "name": "svcgrp" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "svc_id", + "svc_uid", + "svc_name", + "svc_typ_id", + "mgm_id", + "svc_comment", + "svc_prod_specific", + "svc_member_names", + "svc_member_refs", + "svc_color_id", + "ip_proto_id", + "svc_port", + "svc_port_end", + "initial_config", + "srv_keeponinstall", + "svc_rpcnr", + "svc_code", + "svc_match", + "svc_source_port", + "svc_source_port_end", + "svc_tcp_res", + "svc_accept_rep", + "svc_accept_rep_any", + "svc_mfa", + "svc_timeout_std", + "svc_timeout", + "svc_sync", + "svc_sync_delay", + "svc_sync_delay_start", + "active", + "last_change_admin", + "svc_create", + "svc_last_seen" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "svc_id", + "svc_uid", + "svc_name", + "svc_typ_id", + "mgm_id", + "svc_comment", + "svc_prod_specific", + "svc_member_names", + "svc_member_refs", + "svc_color_id", + "ip_proto_id", + "svc_port", + "svc_port_end", + "initial_config", + "srv_keeponinstall", + "svc_rpcnr", + "svc_code", + "svc_match", + "svc_source_port", + "svc_source_port_end", + "svc_tcp_res", + "svc_accept_rep", + "svc_accept_rep_any", + "svc_mfa", + "svc_timeout_std", + "svc_timeout", + "svc_sync", + "svc_sync_delay", + "svc_sync_delay_start", + "active", + "last_change_admin", + "svc_create", + "svc_last_seen" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "svc_id", + "svc_uid", + "svc_name", + "svc_typ_id", + "mgm_id", + "svc_comment", + "svc_prod_specific", + "svc_member_names", + "svc_member_refs", + "svc_color_id", + "ip_proto_id", + "svc_port", + "svc_port_end", + "initial_config", + "srv_keeponinstall", + "svc_rpcnr", + "svc_code", + "svc_match", + "svc_source_port", + "svc_source_port_end", + 
"svc_tcp_res", + "svc_accept_rep", + "svc_accept_rep_any", + "svc_mfa", + "svc_timeout_std", + "svc_timeout", + "svc_sync", + "svc_sync_delay", + "svc_sync_delay_start", + "active", + "last_change_admin", + "svc_create", + "svc_last_seen" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "svc_id", + "svc_uid", + "svc_name", + "svc_typ_id", + "mgm_id", + "svc_comment", + "svc_prod_specific", + "svc_member_names", + "svc_member_refs", + "svc_color_id", + "ip_proto_id", + "svc_port", + "svc_port_end", + "initial_config", + "srv_keeponinstall", + "svc_rpcnr", + "svc_code", + "svc_match", + "svc_source_port", + "svc_source_port_end", + "svc_tcp_res", + "svc_accept_rep", + "svc_accept_rep_any", + "svc_mfa", + "svc_timeout_std", + "svc_timeout", + "svc_sync", + "svc_sync_delay", + "svc_sync_delay_start", + "active", + "last_change_admin", + "svc_create", + "svc_last_seen" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "stm_action" + }, + "array_relationships": [ + { + "name": "rules", + "using": { + "foreign_key_constraint_on": { + "column": "action_id", + "table": { + "schema": "public", + "name": "rule" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": ["action_id", "action_name"], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": ["action_id", "action_name"], + "filter": {} + } + }, + { + "role": "reporter", + "permission": { + "columns": ["action_id", "action_name"], + "filter": {} + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": ["action_id", "action_name"], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "stm_change_type" + }, + "array_relationships": [ + { + "name": "changelog_objects", + 
"using": { + "foreign_key_constraint_on": { + "column": "change_type_id", + "table": { + "schema": "public", + "name": "changelog_object" + } + } + } + }, + { + "name": "changelog_rules", + "using": { + "foreign_key_constraint_on": { + "column": "change_type_id", + "table": { + "schema": "public", + "name": "changelog_rule" + } + } + } + }, + { + "name": "changelog_services", + "using": { + "foreign_key_constraint_on": { + "column": "change_type_id", + "table": { + "schema": "public", + "name": "changelog_service" + } + } + } + }, + { + "name": "changelog_users", + "using": { + "foreign_key_constraint_on": { + "column": "change_type_id", + "table": { + "schema": "public", + "name": "changelog_user" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": ["change_type_id", "change_type_name"], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": ["change_type_id", "change_type_name"], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": ["change_type_id", "change_type_name"], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": ["change_type_id", "change_type_name"], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "stm_color" + }, + "array_relationships": [ + { + "name": "objects", + "using": { + "foreign_key_constraint_on": { + "column": "obj_color_id", + "table": { + "schema": "public", + "name": "object" + } + } + } + }, + { + "name": "services", + "using": { + "foreign_key_constraint_on": { + "column": "svc_color_id", + "table": { + "schema": "public", + "name": "service" + } + } + } + }, + { + "name": "usrs", + "using": { + "foreign_key_constraint_on": { + "column": "user_color_id", + "table": { + "schema": "public", + "name": "usr" + } + } + } + } + ], + "select_permissions": [ + { + "role": 
"auditor", + "permission": { + "columns": [ + "color_id", + "color_name", + "color_rgb", + "color_comment" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "color_id", + "color_name", + "color_rgb", + "color_comment" + ], + "filter": {} + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "color_id", + "color_name", + "color_rgb", + "color_comment" + ], + "filter": {} + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "color_id", + "color_name", + "color_rgb", + "color_comment" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "stm_dev_typ" + }, + "array_relationships": [ + { + "name": "devices", + "using": { + "foreign_key_constraint_on": { + "column": "dev_typ_id", + "table": { + "schema": "public", + "name": "device" + } + } + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": { + "column": "dev_typ_id", + "table": { + "schema": "public", + "name": "management" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "dev_typ_is_mgmt", + "dev_typ_id", + "dev_typ_comment", + "dev_typ_predef_obj", + "dev_typ_predef_svc", + "dev_typ_config_file_basic_objects", + "dev_typ_config_file_rules", + "dev_typ_config_file_users", + "dev_typ_manufacturer", + "dev_typ_name", + "dev_typ_version" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "dev_typ_id", + "dev_typ_manufacturer", + "dev_typ_name", + "dev_typ_version", + "dev_typ_comment", + "dev_typ_predef_svc", + "dev_typ_predef_obj", + "dev_typ_is_mgmt", + "dev_typ_config_file_rules", + "dev_typ_config_file_basic_objects", + "dev_typ_config_file_users" + ], + "filter": {} + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "dev_typ_id", + "dev_typ_manufacturer", + "dev_typ_name", + "dev_typ_version", + "dev_typ_comment", + 
"dev_typ_predef_svc", + "dev_typ_predef_obj", + "dev_typ_is_mgmt", + "dev_typ_config_file_rules", + "dev_typ_config_file_basic_objects", + "dev_typ_config_file_users" + ], + "filter": {} + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "dev_typ_id", + "dev_typ_manufacturer", + "dev_typ_name", + "dev_typ_version", + "dev_typ_comment", + "dev_typ_predef_svc", + "dev_typ_predef_obj", + "dev_typ_is_mgmt", + "dev_typ_config_file_rules", + "dev_typ_config_file_basic_objects", + "dev_typ_config_file_users" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "stm_ip_proto" + }, + "array_relationships": [ + { + "name": "services", + "using": { + "foreign_key_constraint_on": { + "column": "ip_proto_id", + "table": { + "schema": "public", + "name": "service" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "ip_proto_id", + "ip_proto_name", + "ip_proto_comment" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "ip_proto_id", + "ip_proto_name", + "ip_proto_comment" + ], + "filter": {} + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "ip_proto_id", + "ip_proto_name", + "ip_proto_comment" + ], + "filter": {} + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "ip_proto_id", + "ip_proto_name", + "ip_proto_comment" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "stm_nattyp" + }, + "array_relationships": [ + { + "name": "objects", + "using": { + "foreign_key_constraint_on": { + "column": "nattyp_id", + "table": { + "schema": "public", + "name": "object" + } + } + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "stm_obj_typ" + }, + "array_relationships": [ + { + "name": "objects", + "using": { + "foreign_key_constraint_on": { + "column": "obj_typ_id", + "table": { 
+ "schema": "public", + "name": "object" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "obj_typ_id", + "obj_typ_name", + "obj_typ_comment" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "obj_typ_id", + "obj_typ_name", + "obj_typ_comment" + ], + "filter": {} + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "obj_typ_id", + "obj_typ_name", + "obj_typ_comment" + ], + "filter": {} + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "obj_typ_id", + "obj_typ_name", + "obj_typ_comment" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "stm_svc_typ" + }, + "array_relationships": [ + { + "name": "services", + "using": { + "foreign_key_constraint_on": { + "column": "svc_typ_id", + "table": { + "schema": "public", + "name": "service" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "svc_typ_id", + "svc_typ_name", + "svc_typ_comment" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "svc_typ_id", + "svc_typ_name", + "svc_typ_comment" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "svc_typ_id", + "svc_typ_name", + "svc_typ_comment" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "svc_typ_id", + "svc_typ_name", + "svc_typ_comment" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "stm_track" + }, + "array_relationships": [ + { + "name": "rules", + "using": { + "foreign_key_constraint_on": { + "column": "track_id", + "table": { + "schema": "public", + "name": "rule" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + 
"permission": { + "columns": ["track_id", "track_name"], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": ["track_id", "track_name"], + "filter": {} + } + }, + { + "role": "reporter", + "permission": { + "columns": ["track_id", "track_name"], + "filter": {} + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": ["track_id", "track_name"], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "stm_usr_typ" + }, + "array_relationships": [ + { + "name": "usrs", + "using": { + "foreign_key_constraint_on": { + "column": "usr_typ_id", + "table": { + "schema": "public", + "name": "usr" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": ["usr_typ_id", "usr_typ_name"], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": ["usr_typ_id", "usr_typ_name"], + "filter": {} + } + }, + { + "role": "reporter", + "permission": { + "columns": ["usr_typ_id", "usr_typ_name"], + "filter": {} + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": ["usr_typ_id", "usr_typ_name"], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "svcgrp" + }, + "object_relationships": [ + { + "name": "importControlByImportLastSeen", + "using": { + "foreign_key_constraint_on": "import_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "import_created" + } + }, + { + "name": "service", + "using": { + "foreign_key_constraint_on": "svcgrp_id" + } + }, + { + "name": "serviceBySvcgrpMemberId", + "using": { + "foreign_key_constraint_on": "svcgrp_member_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "svcgrp_id", + "svcgrp_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true 
+ } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "svcgrp_id", + "svcgrp_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "svcgrp_id", + "svcgrp_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "svcgrp_id", + "svcgrp_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "svcgrp_flat" + }, + "object_relationships": [ + { + "name": "importControlByImportLastSeen", + "using": { + "foreign_key_constraint_on": "import_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "import_created" + } + }, + { + "name": "service", + "using": { + "foreign_key_constraint_on": "svcgrp_flat_id" + } + }, + { + "name": "serviceBySvcgrpFlatMemberId", + "using": { + "foreign_key_constraint_on": "svcgrp_flat_member_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "svcgrp_flat_id", + "svcgrp_flat_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "svcgrp_flat_id", + "svcgrp_flat_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "svcgrp_flat_id", + "svcgrp_flat_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + 
"svcgrp_flat_id", + "svcgrp_flat_member_id", + "import_created", + "import_last_seen", + "active", + "negated" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "tenant" + }, + "array_relationships": [ + { + "name": "devices", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "device" + } + } + } + }, + { + "name": "ldap_connections", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "ldap_connection" + } + } + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "management" + } + } + } + }, + { + "name": "report_template_viewable_by_tenants", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "report_template_viewable_by_tenant" + } + } + } + }, + { + "name": "reports", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_wide_visible", + "table": { + "schema": "public", + "name": "report" + } + } + } + }, + { + "name": "requests", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "request" + } + } + } + }, + { + "name": "rule_reviews", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "rule_review" + } + } + } + }, + { + "name": "tenant_networks", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "tenant_network" + } + } + } + }, + { + "name": "tenant_objects", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "tenant_object" + } + } + } + }, + { + "name": "tenant_to_devices", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + 
"schema": "public", + "name": "tenant_to_device" + } + } + } + }, + { + "name": "tenant_usernames", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "tenant_username" + } + } + } + }, + { + "name": "tenant_users", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "tenant_user" + } + } + } + }, + { + "name": "uiusers", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "uiuser" + } + } + } + }, + { + "name": "usrs", + "using": { + "foreign_key_constraint_on": { + "column": "tenant_id", + "table": { + "schema": "public", + "name": "usr" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "tenant_id", + "tenant_name", + "tenant_projekt", + "tenant_comment", + "tenant_report", + "tenant_can_view_all_devices", + "tenant_is_superadmin", + "tenant_create" + ], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "tenant_id", + "tenant_name", + "tenant_projekt", + "tenant_comment", + "tenant_report", + "tenant_can_view_all_devices", + "tenant_is_superadmin", + "tenant_create" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "tenant_network" + }, + "object_relationships": [ + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "tenant_object" + }, + "object_relationships": [ + { + "name": "object", + "using": { + "foreign_key_constraint_on": "obj_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "tenant_to_device" + }, + "object_relationships": [ + { + "name": "device", + "using": { + "foreign_key_constraint_on": 
"device_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": ["tenant_id", "device_id"], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "tenant_user" + }, + "object_relationships": [ + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + }, + { + "name": "usr", + "using": { + "foreign_key_constraint_on": "user_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "tenant_username" + }, + "object_relationships": [ + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "txt" + }, + "object_relationships": [ + { + "name": "languageByLanguage", + "using": { + "foreign_key_constraint_on": "language" + } + } + ], + "select_permissions": [ + { + "role": "anonymous", + "permission": { + "columns": ["id", "language", "txt"], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "auditor", + "permission": { + "columns": ["id", "language", "txt"], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "uiuser" + }, + "object_relationships": [ + { + "name": "language", + "using": { + "foreign_key_constraint_on": "uiuser_language" + } + }, + { + "name": "ldap_connection", + "using": { + "foreign_key_constraint_on": "ldap_connection_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + } + ], + "array_relationships": [ + { + "name": "changelogObjectsByImportAdmin", + "using": { + "foreign_key_constraint_on": { + "column": "import_admin", + "table": { + "schema": "public", + "name": "changelog_object" + } + } + } + }, + { + "name": "changelogRulesByImportAdmin", + "using": { + "foreign_key_constraint_on": { + "column": "import_admin", + "table": { + "schema": "public", + "name": "changelog_rule" 
+ } + } + } + }, + { + "name": "changelogServicesByImportAdmin", + "using": { + "foreign_key_constraint_on": { + "column": "import_admin", + "table": { + "schema": "public", + "name": "changelog_service" + } + } + } + }, + { + "name": "changelogUsersByImportAdmin", + "using": { + "foreign_key_constraint_on": { + "column": "import_admin", + "table": { + "schema": "public", + "name": "changelog_user" + } + } + } + }, + { + "name": "changelog_objects", + "using": { + "foreign_key_constraint_on": { + "column": "doku_admin", + "table": { + "schema": "public", + "name": "changelog_object" + } + } + } + }, + { + "name": "changelog_rules", + "using": { + "foreign_key_constraint_on": { + "column": "doku_admin", + "table": { + "schema": "public", + "name": "changelog_rule" + } + } + } + }, + { + "name": "changelog_services", + "using": { + "foreign_key_constraint_on": { + "column": "doku_admin", + "table": { + "schema": "public", + "name": "changelog_service" + } + } + } + }, + { + "name": "changelog_users", + "using": { + "foreign_key_constraint_on": { + "column": "doku_admin", + "table": { + "schema": "public", + "name": "changelog_user" + } + } + } + }, + { + "name": "configs", + "using": { + "foreign_key_constraint_on": { + "column": "config_user", + "table": { + "schema": "public", + "name": "config" + } + } + } + }, + { + "name": "objects", + "using": { + "foreign_key_constraint_on": { + "column": "last_change_admin", + "table": { + "schema": "public", + "name": "object" + } + } + } + }, + { + "name": "report_schedules", + "using": { + "foreign_key_constraint_on": { + "column": "report_schedule_owner", + "table": { + "schema": "public", + "name": "report_schedule" + } + } + } + }, + { + "name": "report_template_viewable_by_users", + "using": { + "foreign_key_constraint_on": { + "column": "uiuser_id", + "table": { + "schema": "public", + "name": "report_template_viewable_by_user" + } + } + } + }, + { + "name": "report_templates", + "using": { + 
"foreign_key_constraint_on": { + "column": "report_template_owner", + "table": { + "schema": "public", + "name": "report_template" + } + } + } + }, + { + "name": "reports", + "using": { + "foreign_key_constraint_on": { + "column": "report_owner_id", + "table": { + "schema": "public", + "name": "report" + } + } + } + }, + { + "name": "ruleMetadataByRuleOwner", + "using": { + "foreign_key_constraint_on": { + "column": "rule_owner", + "table": { + "schema": "public", + "name": "rule_metadata" + } + } + } + }, + { + "name": "rule_metadata", + "using": { + "foreign_key_constraint_on": { + "column": "rule_last_certifier", + "table": { + "schema": "public", + "name": "rule_metadata" + } + } + } + }, + { + "name": "rules", + "using": { + "foreign_key_constraint_on": { + "column": "last_change_admin", + "table": { + "schema": "public", + "name": "rule" + } + } + } + }, + { + "name": "services", + "using": { + "foreign_key_constraint_on": { + "column": "last_change_admin", + "table": { + "schema": "public", + "name": "service" + } + } + } + }, + { + "name": "usrs", + "using": { + "foreign_key_constraint_on": { + "column": "last_change_admin", + "table": { + "schema": "public", + "name": "usr" + } + } + } + } + ], + "insert_permissions": [ + { + "role": "middleware-server", + "permission": { + "check": {}, + "columns": [ + "ldap_connection_id", + "tenant_id", + "uiuser_email", + "uiuser_end_date", + "uiuser_first_name", + "uiuser_id", + "uiuser_language", + "uiuser_last_login", + "uiuser_last_name", + "uiuser_last_password_change", + "uiuser_password_must_be_changed", + "uiuser_pwd_history", + "uiuser_start_date", + "uiuser_username", + "uuid" + ], + "backend_only": false + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "ldap_connection_id", + "tenant_id", + "uiuser_email", + "uiuser_end_date", + "uiuser_first_name", + "uiuser_id", + "uiuser_language", + "uiuser_last_login", + "uiuser_last_name", + 
"uiuser_last_password_change", + "uiuser_password_must_be_changed", + "uiuser_pwd_history", + "uiuser_start_date", + "uiuser_username", + "uuid" + ], + "filter": {} + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "ldap_connection_id", + "tenant_id", + "uiuser_email", + "uiuser_end_date", + "uiuser_first_name", + "uiuser_id", + "uiuser_language", + "uiuser_last_login", + "uiuser_last_name", + "uiuser_last_password_change", + "uiuser_password_must_be_changed", + "uiuser_pwd_history", + "uiuser_start_date", + "uiuser_username", + "uuid" + ], + "filter": {} + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "ldap_connection_id", + "tenant_id", + "uiuser_email", + "uiuser_end_date", + "uiuser_first_name", + "uiuser_id", + "uiuser_language", + "uiuser_last_login", + "uiuser_last_name", + "uiuser_last_password_change", + "uiuser_password_must_be_changed", + "uiuser_pwd_history", + "uiuser_start_date", + "uiuser_username", + "uuid" + ], + "filter": { + "uuid": { + "_eq": "x-hasura-uuid" + } + } + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "ldap_connection_id", + "tenant_id", + "uiuser_email", + "uiuser_end_date", + "uiuser_first_name", + "uiuser_id", + "uiuser_language", + "uiuser_last_login", + "uiuser_last_name", + "uiuser_last_password_change", + "uiuser_password_must_be_changed", + "uiuser_pwd_history", + "uiuser_start_date", + "uiuser_username", + "uuid" + ], + "filter": { + "uuid": { + "_eq": "x-hasura-uuid" + } + } + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "ldap_connection_id", + "tenant_id", + "uiuser_email", + "uiuser_end_date", + "uiuser_first_name", + "uiuser_id", + "uiuser_language", + "uiuser_last_login", + "uiuser_last_name", + "uiuser_last_password_change", + "uiuser_password_must_be_changed", + "uiuser_pwd_history", + "uiuser_start_date", + "uiuser_username", + "uuid" + ], + "filter": { + "uuid": { + "_eq": "x-hasura-uuid" + } + } + } + } + ], + 
"update_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "ldap_connection_id", + "tenant_id", + "uiuser_email", + "uiuser_end_date", + "uiuser_first_name", + "uiuser_id", + "uiuser_language", + "uiuser_last_login", + "uiuser_last_name", + "uiuser_last_password_change", + "uiuser_password_must_be_changed", + "uiuser_pwd_history", + "uiuser_start_date", + "uiuser_username", + "uuid" + ], + "filter": { + "uuid": { + "_eq": "X-Hasura-uuid" + } + }, + "check": null + } + }, + { + "role": "middleware-server", + "permission": { + "columns": [ + "ldap_connection_id", + "tenant_id", + "uiuser_email", + "uiuser_end_date", + "uiuser_first_name", + "uiuser_id", + "uiuser_language", + "uiuser_last_login", + "uiuser_last_name", + "uiuser_last_password_change", + "uiuser_password_must_be_changed", + "uiuser_pwd_history", + "uiuser_start_date", + "uiuser_username", + "uuid" + ], + "filter": {}, + "check": null + } + }, + { + "role": "recertifier", + "permission": { + "columns": ["uiuser_language"], + "filter": { + "uuid": { + "_eq": "x-hasura-uuid" + } + }, + "check": null + } + }, + { + "role": "reporter", + "permission": { + "columns": ["uiuser_language"], + "filter": { + "uuid": { + "_eq": "x-hasura-uuid" + } + }, + "check": null + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": ["uiuser_language"], + "filter": { + "uuid": { + "_eq": "x-hasura-uuid" + } + }, + "check": null + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "usergrp" + }, + "object_relationships": [ + { + "name": "importControlByImportLastSeen", + "using": { + "foreign_key_constraint_on": "import_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "import_created" + } + }, + { + "name": "usr", + "using": { + "foreign_key_constraint_on": "usergrp_id" + } + }, + { + "name": "usrByUsergrpMemberId", + "using": { + "foreign_key_constraint_on": "usergrp_member_id" + } + } + ], + "select_permissions": [ + { + 
"role": "auditor", + "permission": { + "columns": [ + "usergrp_id", + "usergrp_member_id", + "import_created", + "import_last_seen", + "active" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "usergrp_id", + "usergrp_member_id", + "import_created", + "import_last_seen", + "active" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "usergrp_id", + "usergrp_member_id", + "import_created", + "import_last_seen", + "active" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "usergrp_id", + "usergrp_member_id", + "import_created", + "import_last_seen", + "active" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "usergrp_flat" + }, + "object_relationships": [ + { + "name": "importControlByImportLastSeen", + "using": { + "foreign_key_constraint_on": "import_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "import_created" + } + }, + { + "name": "usr", + "using": { + "foreign_key_constraint_on": "usergrp_flat_id" + } + }, + { + "name": "usrByUsergrpFlatMemberId", + "using": { + "foreign_key_constraint_on": "usergrp_flat_member_id" + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "active", + "usergrp_flat_id", + "usergrp_flat_member_id", + "import_created", + "import_last_seen" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "active", + "usergrp_flat_id", + "usergrp_flat_member_id", + "import_created", + "import_last_seen" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "active", + "usergrp_flat_id", + "usergrp_flat_member_id", + "import_created", + "import_last_seen" + ], + 
"filter": {}, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "active", + "usergrp_flat_id", + "usergrp_flat_member_id", + "import_created", + "import_last_seen" + ], + "filter": {} + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "usr" + }, + "object_relationships": [ + { + "name": "importControlByUserLastSeen", + "using": { + "foreign_key_constraint_on": "user_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "user_create" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + }, + { + "name": "stm_color", + "using": { + "foreign_key_constraint_on": "user_color_id" + } + }, + { + "name": "stm_usr_typ", + "using": { + "foreign_key_constraint_on": "usr_typ_id" + } + }, + { + "name": "tenant", + "using": { + "foreign_key_constraint_on": "tenant_id" + } + }, + { + "name": "uiuser", + "using": { + "foreign_key_constraint_on": "last_change_admin" + } + } + ], + "array_relationships": [ + { + "name": "changelogUsersByOldUserId", + "using": { + "foreign_key_constraint_on": { + "column": "old_user_id", + "table": { + "schema": "public", + "name": "changelog_user" + } + } + } + }, + { + "name": "changelog_users", + "using": { + "foreign_key_constraint_on": { + "column": "new_user_id", + "table": { + "schema": "public", + "name": "changelog_user" + } + } + } + }, + { + "name": "rule_froms", + "using": { + "foreign_key_constraint_on": { + "column": "user_id", + "table": { + "schema": "public", + "name": "rule_from" + } + } + } + }, + { + "name": "rule_user_resolveds", + "using": { + "foreign_key_constraint_on": { + "column": "user_id", + "table": { + "schema": "public", + "name": "rule_user_resolved" + } + } + } + }, + { + "name": "tenant_users", + "using": { + "foreign_key_constraint_on": { + "column": "user_id", + "table": { + "schema": "public", + "name": "tenant_user" + } + } + } + }, + { + "name": 
"usergrpFlatsByUsergrpFlatMemberId", + "using": { + "foreign_key_constraint_on": { + "column": "usergrp_flat_member_id", + "table": { + "schema": "public", + "name": "usergrp_flat" + } + } + } + }, + { + "name": "usergrp_flats", + "using": { + "foreign_key_constraint_on": { + "column": "usergrp_flat_id", + "table": { + "schema": "public", + "name": "usergrp_flat" + } + } + } + }, + { + "name": "usergrps", + "using": { + "foreign_key_constraint_on": { + "column": "usergrp_id", + "table": { + "schema": "public", + "name": "usergrp" + } + } + } + }, + { + "name": "usergrpsByUsergrpMemberId", + "using": { + "foreign_key_constraint_on": { + "column": "usergrp_member_id", + "table": { + "schema": "public", + "name": "usergrp" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "user_id", + "usr_typ_id", + "user_color_id", + "mgm_id", + "user_name", + "active", + "user_member_names", + "user_member_refs", + "user_authmethod", + "user_valid_from", + "user_valid_until", + "src_restrict", + "dst_restrict", + "time_restrict", + "user_create", + "user_last_seen", + "user_comment", + "user_uid", + "user_firstname", + "user_lastname", + "last_change_admin", + "tenant_id" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "user_id", + "usr_typ_id", + "user_color_id", + "mgm_id", + "user_name", + "active", + "user_member_names", + "user_member_refs", + "user_authmethod", + "user_valid_from", + "user_valid_until", + "src_restrict", + "dst_restrict", + "time_restrict", + "user_create", + "user_last_seen", + "user_comment", + "user_uid", + "user_firstname", + "user_lastname", + "last_change_admin", + "tenant_id" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "user_id", + "usr_typ_id", + "user_color_id", + "mgm_id", + 
"user_name", + "active", + "user_member_names", + "user_member_refs", + "user_authmethod", + "user_valid_from", + "user_valid_until", + "src_restrict", + "dst_restrict", + "time_restrict", + "user_create", + "user_last_seen", + "user_comment", + "user_uid", + "user_firstname", + "user_lastname", + "last_change_admin", + "tenant_id" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "user_id", + "usr_typ_id", + "user_color_id", + "mgm_id", + "user_name", + "active", + "user_member_names", + "user_member_refs", + "user_authmethod", + "user_valid_from", + "user_valid_until", + "src_restrict", + "dst_restrict", + "time_restrict", + "user_create", + "user_last_seen", + "user_comment", + "user_uid", + "user_firstname", + "user_lastname", + "last_change_admin", + "tenant_id" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + }, + { + "table": { + "schema": "public", + "name": "view_change_counter" + } + }, + { + "table": { + "schema": "public", + "name": "view_changes" + } + }, + { + "table": { + "schema": "public", + "name": "view_changes_by_changed_element_id" + } + }, + { + "table": { + "schema": "public", + "name": "view_device_names" + } + }, + { + "table": { + "schema": "public", + "name": "view_documented_change_counter" + } + }, + { + "table": { + "schema": "public", + "name": "view_import_status_errors" + } + }, + { + "table": { + "schema": "public", + "name": "view_import_status_successful" + } + }, + { + "table": { + "schema": "public", + "name": "view_import_status_table" + } + }, + { + "table": { + "schema": "public", + "name": "view_import_status_table_unsorted" + } + }, + { + "table": { + "schema": "public", + "name": "view_obj_changes" + } + }, + { + "table": { + "schema": "public", + "name": "view_reportable_changes" + } + }, + { + "table": { + "schema": "public", + "name": "view_rule_changes" + } + }, + { 
+ "table": { + "schema": "public", + "name": "view_rule_source_or_destination" + } + }, + { + "table": { + "schema": "public", + "name": "view_svc_changes" + } + }, + { + "table": { + "schema": "public", + "name": "view_undocumented_change_counter" + } + }, + { + "table": { + "schema": "public", + "name": "view_undocumented_changes" + } + }, + { + "table": { + "schema": "public", + "name": "view_user_changes" + } + }, + { + "table": { + "schema": "public", + "name": "zone" + }, + "object_relationships": [ + { + "name": "importControlByZoneLastSeen", + "using": { + "foreign_key_constraint_on": "zone_last_seen" + } + }, + { + "name": "import_control", + "using": { + "foreign_key_constraint_on": "zone_create" + } + }, + { + "name": "management", + "using": { + "foreign_key_constraint_on": "mgm_id" + } + } + ], + "array_relationships": [ + { + "name": "objects", + "using": { + "foreign_key_constraint_on": { + "column": "zone_id", + "table": { + "schema": "public", + "name": "object" + } + } + } + }, + { + "name": "rules", + "using": { + "foreign_key_constraint_on": { + "column": "rule_from_zone", + "table": { + "schema": "public", + "name": "rule" + } + } + } + }, + { + "name": "rulesByRuleToZone", + "using": { + "foreign_key_constraint_on": { + "column": "rule_to_zone", + "table": { + "schema": "public", + "name": "rule" + } + } + } + } + ], + "select_permissions": [ + { + "role": "auditor", + "permission": { + "columns": [ + "zone_id", + "zone_create", + "zone_last_seen", + "mgm_id", + "zone_name", + "active" + ], + "filter": {}, + "allow_aggregations": true + } + }, + { + "role": "recertifier", + "permission": { + "columns": [ + "zone_id", + "zone_create", + "zone_last_seen", + "mgm_id", + "zone_name", + "active" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter", + "permission": { + "columns": [ + "zone_id", + "zone_create", + "zone_last_seen", + "mgm_id", + "zone_name", + 
"active" + ], + "filter": { + "mgm_id": { + "_in": "x-hasura-visible-managements" + } + }, + "allow_aggregations": true + } + }, + { + "role": "reporter-viewall", + "permission": { + "columns": [ + "active", + "mgm_id", + "zone_create", + "zone_last_seen", + "zone_id", + "zone_name" + ], + "filter": {}, + "allow_aggregations": true + } + } + ] + } + ], + "functions": [ + { + "function": { + "schema": "public", + "name": "get_visible_devices_per_tenant" + } + }, + { + "function": { + "schema": "public", + "name": "get_visible_managements_per_tenant" + } + } + ], + "configuration": { + "connection_info": { + "use_prepared_statements": true, + "database_url": { + "from_env": "HASURA_GRAPHQL_DATABASE_URL" + }, + "isolation_level": "read-committed", + "pool_settings": { + "connection_lifetime": 600, + "retries": 1, + "idle_timeout": 180, + "max_connections": 50 + } + } + } + } + ] + } + } +} diff --git a/roles/api/tasks/hasura-basic-config.yml b/roles/api/tasks/hasura-basic-config.yml deleted file mode 100644 index e5418f197..000000000 --- a/roles/api/tasks/hasura-basic-config.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -# api config (metadata) - -- name: create /usr/local/bin - file: - path: /usr/local/bin - state: directory - mode: "0755" - become: yes - -- name: download hasura cli binary - get_url: - url: "https://github.com/hasura/graphql-engine/releases/download/{{ api_hasura_version }}/cli-hasura-linux-amd64" - dest: "{{ api_hasura_cli_bin }}" - mode: "0755" - owner: "{{ fworch_user }}" - group: "{{ fworch_group }}" - environment: "{{ proxy_env }}" - become: yes - -- name: initialize hasura cli directory - command: "{{ api_hasura_cli_bin }} init {{ product_name }} --endpoint http://{{ api_ip_address }}:{{ api_port }} --admin-secret {{ api_hasura_admin_secret }}" - args: - chdir: "{{ api_home }}" - become: yes - become_user: "{{ fworch_user }}" - environment: "{{ proxy_env }}" - - -- name: copy hasura metadata to cli directory - copy: - src: hasura_metadata.yaml - dest: "{{ api_home }}/{{ product_name }}/migrations/metadata.yaml" - backup: yes - mode: "0644" - owner: "{{ fworch_user }}" - group: "{{ fworch_group }}" - become: yes - -- name: wait for hasura port to become available - wait_for: - port: "{{ api_port }}" - host: "{{ api_ip_address }}" - connect_timeout: 1 - delay: 10 - timeout: 25 - #when: "not run_on_github|bool" - -- name: import hasura metadata - command: "{{ api_hasura_cli_bin }} metadata apply --from-file" - args: - chdir: "{{ api_home }}/{{ product_name }}" - become: yes - become_user: "{{ fworch_user }}" - environment: "{{ proxy_env }}" - when: "not api_no_metadata | bool" diff --git a/roles/api/tasks/hasura-install.yml b/roles/api/tasks/hasura-install.yml index 46f4d30de..6eaa05ec6 100644 --- a/roles/api/tasks/hasura-install.yml +++ b/roles/api/tasks/hasura-install.yml @@ -10,12 +10,6 @@ - python3-docker become: yes -# - name: install docker sdk for python via pip3 -# pip: -# name: docker -# become: yes -# become_user: "{{ fworch_user }}" - - name: read dbadmin pwd from secrets file slurp: src: "{{ dbadmin_password_file }}" 
@@ -64,6 +58,32 @@ group: "{{ fworch_group }}" become: yes +- name: create /usr/local/bin + file: + path: /usr/local/bin + state: directory + mode: "0755" + become: yes + +- name: download {{ api_hasura_version }} hasura cli binary + get_url: + url: "https://github.com/hasura/graphql-engine/releases/download/{{ api_hasura_version }}/cli-hasura-linux-amd64" + dest: "{{ api_hasura_cli_bin }}" + force: yes + mode: "0755" + owner: "{{ fworch_user }}" + group: "{{ fworch_group }}" + environment: "{{ proxy_env }}" + become: yes + +- name: initialize hasura cli directory + command: "{{ api_hasura_cli_bin }} init {{ product_name }} --endpoint http://{{ api_ip_address }}:{{ api_port }} --admin-secret {{ api_hasura_admin_secret }}" + args: + chdir: "{{ api_home }}" + become: yes + become_user: "{{ fworch_user }}" + environment: "{{ proxy_env }}" + - name: set hasura env variable set_fact: hasura_env: @@ -74,17 +94,20 @@ HASURA_GRAPHQL_LOG_LEVEL: "{{ api_log_level }}" HASURA_GRAPHQL_ENABLED_LOG_TYPES: '{{ api_HASURA_GRAPHQL_ENABLED_LOG_TYPES }}' HASURA_GRAPHQL_CONSOLE_ASSETS_DIR: "/srv/console-assets" + HASURA_GRAPHQL_V1_BOOLEAN_NULL_COLLAPSE: "true" HASURA_GRAPHQL_CORS_DOMAIN: "*" - HASURA_GRAPHQL_JWT_SECRET: ' + HASURA_GRAPHQL_JWT_SECRET: ' { "type": "{{ api_hasura_jwt_alg|quote }}", - "key": "{{ api_hasura_jwt_secret }}", + "key": "{{ api_hasura_jwt_secret | regex_replace(''\n'', ''\\n'') }}", "claims_namespace_path": "$" } - ' + ' HTTP_PROXY: "{{ http_proxy }}" HTTPS_PROXY: "{{ https_proxy }}" +# "claims_namespace_path": "https://hasura.io/jwt/claims" + - name: show hasura env for debugging debug: var: 
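Review bot: The added `download {{ api_hasura_version }} hasura cli binary` task installs an executable with `force: yes` and no `checksum:`, so every run overwrites `{{ api_hasura_cli_bin }}` with whatever the release URL, or a proxy configured through `proxy_env`, returns, with no integrity check. Pin the digest that belongs to the configured version, e.g. `checksum: "sha256:<SHA256_OF_CLI_BINARY_FOR_api_hasura_version>"` (placeholder; the real digest is not on this page). In the `initialize hasura cli directory` task the admin secret is expanded into the `command:` string, where it is visible in the process list and in Ansible's task output, so that task should at least carry `no_log: true`. Since the metadata import later in this file now goes through the HTTP API, it is worth checking whether the CLI download and `init` are still needed at all.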
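Review bot: The new `HASURA_GRAPHQL_V1_BOOLEAN_NULL_COLLAPSE: "true"` entry is added without any comment, although it changes how row filters are evaluated. As the documentation added in this commit puts it, a null result in a where clause then means true, so a query or mutation whose filter variable arrives as null matches every row instead of being rejected. I would document that next to the setting, e.g. `# v1 compatibility: a null comparison value in a where clause evaluates to true (matches all rows); remove once no client sends null filters`, and check the update and delete paths of the clients for filters that can be null. The `set_fact` block starts outside this hunk; the unchanged `show hasura env for debugging` task that follows appears to print this dictionary, which would include the admin secret and the JWT key, so it deserves a second look in the same pass.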
@@ -147,3 +170,26 @@ daemon_reload: yes enabled: yes become: yes + +# api config (metadata) + +- name: wait for hasura port to become available + wait_for: + port: "{{ api_port }}" + host: "{{ api_ip_address }}" + connect_timeout: 1 + delay: 10 + timeout: 25 + +- name: import API metadata via metadata API directly + uri: + url: "http://{{ api_ip_address }}:{{ api_port }}/v1/metadata" + method: POST + return_content: yes + body_format: json + headers: + Content-Type: application/json + x-hasura-admin-secret: "{{ api_hasura_admin_secret }}" + x-hasura-role: "admin" + body: "{{ lookup('file','replace_metadata.json') | from_json }}" + # body: "{{ lookup('file','replace_metadata.json') | to_json | from_json }}" diff --git a/roles/api/tasks/main.yml b/roles/api/tasks/main.yml index 07469b08c..f3f534378 100644 --- a/roles/api/tasks/main.yml +++ b/roles/api/tasks/main.yml @@ -36,8 +36,9 @@ - name: hasura install import_tasks: hasura-install.yml -- name: hasura basic config - import_tasks: hasura-basic-config.yml +- name: include upgrade script + import_tasks: run-upgrades.yml + when: "installation_mode == 'upgrade'" - name: api create documentation import_tasks: api-create-docu.yml diff --git a/roles/api/tasks/run-upgrades.yml b/roles/api/tasks/run-upgrades.yml new file mode 100644 index 000000000..bb90e3085 --- /dev/null +++ b/roles/api/tasks/run-upgrades.yml 
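Review bot: The added `import API metadata via metadata API directly` task sends `x-hasura-admin-secret` in its headers with no `no_log: true`, so the secret and the full metadata body can end up in Ansible's output and logs when the play runs verbosely or the task fails. Add `no_log: true` to the task, and drop `return_content: yes` unless the response is actually used, because the returned content is stored in the task result as well. The request goes to `http://{{ api_ip_address }}:{{ api_port }}`; if `api_ip_address` can be anything other than a loopback address, the admin secret crosses the network in clear text, so the expected value should be stated in a comment. The commented-out alternative `# body:` line can be removed.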
@@ -0,0 +1,29 @@ + + # install all upgrades between running version and version currently being installed + +- set_fact: + installed_version: "{{ old_version }}" + current_version: "{{ product_version }}" + all_upgrades_available: "{{ lookup('fileglob', 'upgrade/*.yml') }}" + upgrade_files: [] + +- name: set list of relevant upgrade files (without extension) + set_fact: + upgrade_files: "{{ upgrade_files + [ item | basename | splitext | first | regex_replace('([\\d\\.]+)\\.yml', '\\1') ] }}" + when: | + installed_version < item | basename | splitext | first | regex_replace('([\\d\\.]+)\\.yml', '\\1') + and + current_version >= item | basename | splitext | first | regex_replace('([\\d\\.]+)\\.yml', '\\1') + with_fileglob: + - "upgrade/*.yml" + +- debug: + msg: + - "installed_version: {{ installed_version }}" + - "current_version: {{ current_version }}" + - "all_upgrades_available: {{ all_upgrades_available }}" + +- name: install upgrades + include: upgrade/{{ item }}.yml + loop: "{{ upgrade_files | sort }}" + become: yes diff --git a/roles/database/files/sql/idempotent/fworch-texts.sql b/roles/database/files/sql/idempotent/fworch-texts.sql index d523e3edb..423e6e17d 100644 --- a/roles/database/files/sql/idempotent/fworch-texts.sql +++ b/roles/database/files/sql/idempotent/fworch-texts.sql @@ -45,6 +45,8 @@ INSERT INTO txt VALUES ('jwt_expiry', 'German', 'JWT abgelaufen'); INSERT INTO txt VALUES ('jwt_expiry', 'English', 'JWT expired'); INSERT INTO txt VALUES ('api_access', 'German', 'Zugang zur API'); INSERT INTO txt VALUES ('api_access', 'English', 'API access'); +INSERT INTO txt VALUES ('none', 'German', 'Keine(r/s)'); +INSERT INTO txt VALUES ('none', 'English', 'None'); -- login INSERT INTO txt VALUES ('login', 'German', 'Anmelden'); 
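Review bot: The `when:` block of `set list of relevant upgrade files` compares versions as strings with `<` and `>=`, which orders them lexicographically ("5.10" sorts before "5.9"), so an upgrade file can be skipped or selected wrongly once a version component reaches two digits. Use the version test, e.g. `installed_version is version(item | basename | splitext | first, '<') and current_version is version(item | basename | splitext | first, '>=')`. The `regex_replace` after `splitext | first` has nothing left to strip and can go. The final `loop: "{{ upgrade_files | sort }}"` is also a plain string sort, so the order in which upgrades are applied has the same problem. A skipped upgrade is presumably also a skipped schema or permission change, so a wrong selection here should fail loudly rather than pass silently. `include:` is deprecated in favour of `include_tasks:`.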
@@ -370,8 +372,8 @@ INSERT INTO txt VALUES ('recertify', 'German', 'Rezertifizieren'); INSERT INTO txt VALUES ('recertify', 'English', 'Recertify'); INSERT INTO txt VALUES ('decertify', 'German', 'Dezertifizieren'); INSERT INTO txt VALUES ('decertify', 'English', 'Decertify'); -INSERT INTO txt VALUES ('none', 'German', 'Später'); -INSERT INTO txt VALUES ('none', 'English', 'None'); +INSERT INTO txt VALUES ('later', 'German', 'Später'); +INSERT INTO txt VALUES ('later', 'English', 'None'); INSERT INTO txt VALUES ('due_within', 'German', 'Fällig in (Tagen)'); INSERT INTO txt VALUES ('due_within', 'English', 'Due within (days)'); INSERT INTO txt VALUES ('load_rules', 'German', 'Regeln laden'); @@ -532,8 +534,8 @@ INSERT INTO txt VALUES ('from_ldap', 'German', 'von LDAP'); INSERT INTO txt VALUES ('from_ldap', 'English', 'from LDAP'); INSERT INTO txt VALUES ('search_pattern', 'German', 'Suchmuster'); INSERT INTO txt VALUES ('search_pattern', 'English', 'Search Pattern'); -INSERT INTO txt VALUES ('new_dn', 'German', 'Neu (Dn)'); -INSERT INTO txt VALUES ('new_dn', 'English', 'New (Dn)'); +INSERT INTO txt VALUES ('internal_group', 'German', 'Interne Gruppe'); +INSERT INTO txt VALUES ('internal_group', 'English', 'Internal Group'); INSERT INTO txt VALUES ('user_group', 'German', 'Nutzer/Gruppe'); INSERT INTO txt VALUES ('user_group', 'English', 'User/Group'); INSERT INTO txt VALUES ('add_gateway', 'German', 'Gateway hinzufügen'); 
@@ -676,8 +678,6 @@ INSERT INTO txt VALUES ('fetch_ldap_conn', 'German', 'LDAP-Verbindungen ho INSERT INTO txt VALUES ('fetch_ldap_conn', 'English', 'Fetch LDAP connections'); INSERT INTO txt VALUES ('search_users', 'German', 'Nutzer suchen'); INSERT INTO txt VALUES ('search_users', 'English', 'Search Users'); -INSERT INTO txt VALUES ('new_user', 'German', 'Neuer Nutzer'); -INSERT INTO txt VALUES ('new_user', 'English', 'New User'); INSERT INTO txt VALUES ('get_tenant_data', 'German', 'Mandantendaten abholen'); INSERT INTO txt VALUES ('get_tenant_data', 'English', 'Get tenant data'); INSERT INTO txt VALUES ('add_tenant', 'German', 'Mandant hinzufügen'); 
@@ -732,8 +732,16 @@ INSERT INTO txt VALUES ('left_sidebar', 'German', 'Linke Randleiste'); INSERT INTO txt VALUES ('left_sidebar', 'English', 'Left Sidebar'); INSERT INTO txt VALUES ('right_sidebar', 'German', 'Rechte Randleiste'); INSERT INTO txt VALUES ('right_sidebar', 'English', 'Right Sidebar'); -INSERT INTO txt VALUES ('introduction', 'German', 'Einleitung'); -INSERT INTO txt VALUES ('introduction', 'English', 'Introduction'); +INSERT INTO txt VALUES ('api_general', 'German', 'API allgemein'); +INSERT INTO txt VALUES ('api_general', 'English', 'API general'); +INSERT INTO txt VALUES ('api_user_mgmt', 'German', 'User Management'); +INSERT INTO txt VALUES ('api_user_mgmt', 'English', 'User Management'); +INSERT INTO txt VALUES ('api_umgmt_auth', 'German', 'Authentisierung'); +INSERT INTO txt VALUES ('api_umgmt_auth', 'English', 'Authentication'); +INSERT INTO txt VALUES ('umgmt_auth_expl', 'German', 'Zur Authentisierung verwenden Sie folgenden API-Call, der bei erfolgreicher Authentisierung einen JWT zurückliefert'); +INSERT INTO txt VALUES ('umgmt_auth_expl', 'English', 'For authentication use the following API call, which will return a JWT for the user upon successful authentication'); +INSERT INTO txt VALUES ('api_fwo', 'German', 'FWO API'); +INSERT INTO txt VALUES ('api_fwo', 'English', 'FWO API'); INSERT INTO txt VALUES ('graphql', 'German', 'GraphQL'); INSERT INTO txt VALUES ('graphql', 'English', 'GraphQL'); INSERT INTO txt VALUES ('hasura', 'German', 'Hasura'); 
@@ -766,6 +774,8 @@ INSERT INTO txt VALUES ('get_with_jwt', 'German', 'Holen der Namen alle INSERT INTO txt VALUES ('get_with_jwt', 'English', 'Get the names of all firewall managements using standard JWT access'); INSERT INTO txt VALUES ('get_with_jwt_role', 'German', 'Holen der Namen aller Firewall-Managements mit Standard-JWT-Zugang und spezifischer Rolle'); INSERT INTO txt VALUES ('get_with_jwt_role', 'English', 'Get the names of all firewall managements using standard JWT access and specifying a certain role'); +INSERT INTO txt VALUES ('get_single_dev_rules', 'German', 'Alle aktuellen Regeln von Gateway mit ID 1 holen'); +INSERT INTO txt VALUES ('get_single_dev_rules', 'English', 'Get all current rules of gateway with ID 1'); INSERT INTO txt VALUES ('parameters', 'German', 'Parameter'); INSERT INTO txt VALUES ('parameters', 'English', 'Parameters'); @@ -922,6 +932,8 @@ INSERT INTO txt VALUES ('E5207', 'German', 'kein internes LDAP gefunden'); INSERT INTO txt VALUES ('E5207', 'English', 'No internal LDAP found'); INSERT INTO txt VALUES ('E5208', 'German', 'Keine Nutzer gefunden'); INSERT INTO txt VALUES ('E5208', 'English', 'No users found'); +INSERT INTO txt VALUES ('E5210', 'German', 'Nutzer (Dn) existiert bereits'); +INSERT INTO txt VALUES ('E5210', 'English', 'User (Dn) is already existing'); INSERT INTO txt VALUES ('E5211', 'German', 'Name und Passwort müssen gefüllt sein'); INSERT INTO txt VALUES ('E5211', 'English', 'Name and Password have to be filled'); INSERT INTO txt VALUES ('E5212', 'German', 'Unbekannter Mandant'); 
@@ -970,14 +982,14 @@ INSERT INTO txt VALUES ('E5244', 'German', 'Zu löschender Nutzer nicht gef INSERT INTO txt VALUES ('E5244', 'English', 'User to delete not found'); INSERT INTO txt VALUES ('E5245', 'German', 'Nicht-Beispielnutzer zur Gruppe zugeordnet. Löschen nicht möglich'); INSERT INTO txt VALUES ('E5245', 'English', 'Non-sample user assigned to group. Delete not possible'); +INSERT INTO txt VALUES ('E5246', 'German', 'Gruppe konnte der Rolle im LDAP nicht zugewiesen werden'); +INSERT INTO txt VALUES ('E5246', 'English', 'Group could not be added to role in LDAP'); INSERT INTO txt VALUES ('E5251', 'German', 'Keine Rollen gefunden'); INSERT INTO txt VALUES ('E5251', 'English', 'No roles found'); INSERT INTO txt VALUES ('E5252', 'German', 'Bitte nutzen sie ein Suchmuster mit Mindestlänge '); INSERT INTO txt VALUES ('E5252', 'English', 'Please use pattern of min length '); -INSERT INTO txt VALUES ('E5253', 'German', 'Bitte einen richtigen Nutzer definieren'); -INSERT INTO txt VALUES ('E5253', 'English', 'Please define a proper user'); -INSERT INTO txt VALUES ('E5254', 'German', 'Nutzer ist dieser Rolle schon zugewiesen'); -INSERT INTO txt VALUES ('E5254', 'English', 'User is already assigned to this role'); +INSERT INTO txt VALUES ('E5254', 'German', 'Nutzer/Gruppe ist dieser Rolle schon zugewiesen'); +INSERT INTO txt VALUES ('E5254', 'English', 'User/group is already assigned to this role'); INSERT INTO txt VALUES ('E5255', 'German', 'Nutzer konnte der Rolle im LDAP nicht zugewiesen werden'); INSERT INTO txt VALUES ('E5255', 'English', 'User could not be added to role in LDAP'); INSERT INTO txt VALUES ('E5256', 'German', 'Der letzte Admin kann nicht gelöscht werden'); 
@@ -1505,12 +1517,22 @@ INSERT INTO txt VALUES ('H5153', 'English', 'Device Type*: Out of a list of avai INSERT INTO txt VALUES ('H5154', 'German', 'Management*: Wählen Sie das Management, welches dieses Gateway kontrolliert. Wenn zu einem Beispielmanagement zugeordnet, wird es mitgelöscht, wenn die "Beispieldaten löschen"-Schaltfläche bei den Managementeinstellungen betätigt wird.'); INSERT INTO txt VALUES ('H5154', 'English', 'Management*: Select the management system that controls this gateway. If related to a sample management this Gateway will also be deleted when using the "Remove Sample Data" button on the management settings page.'); INSERT INTO txt VALUES ('H5155', 'German', 'Rulebase*: Hier wird der Name der Rulebase hinterlegt. - Für Check Point R8x kommt hierhin der Name der top level Zugriffsschicht (default ist "Network"). - For Check Point R8x MDS wird hier der Name der global policy Schicht eingetragen, gefolgt vom Namen der domain policy, gertrennt durch "/", z.B. "global-policy-layer-name/domain-policy-layer-name". +
    +
  • Für Check Point R8x kommt hierhin der Name der top level Zugriffsschicht (default ist "Network").
  • +
  • Für Check Point R8x MDS wird hier der Name der global policy Schicht eingetragen, gefolgt vom Namen der domain policy, gertrennt durch "/", z.B. "global-policy-layer-name/domain-policy-layer-name".
  • +
  • Für Fortinet-Systeme muss jedes Gateway (auch jede vdom) als separates Management mit einem einzelnen Gateway eingeragen werden. + Bei vdoms sind sowohl Management-Name, Gateway-Name als auch Regelwerksname wie folgt zu bilden: Systemname___vdom-Name (Trennzeichen: 3x Unterstrich) +
  • +
'); INSERT INTO txt VALUES ('H5155', 'English', 'Rulebase*: Enter the name of the rulebase here. - For Check Point R8x the top level access layer name goes here (default is "Network"). - For Check Point R8x MDS enter the name of the global policy layer followed by the name of the domain policy separated by "/", e.g. "global-policy-layer-name/domain-policy-layer-name". +
    +
  • For Check Point R8x the top level access layer name goes here (default is "Network").
  • +
  • For Check Point R8x MDS enter the name of the global policy layer followed by the name of the domain policy separated by "/", e.g. "global-policy-layer-name/domain-policy-layer-name".
  • +
  • For Fortinet systems every gateway (and every vdom) must be defined as a separate management system with a single gateway. + When dealing with vdoms set management name, gateway name and rulebase name as follows: system name___vdom name (separator: 3x underscore) +
  • +
'); INSERT INTO txt VALUES ('H5156', 'German', 'Import Deaktiviert: Schalter um den Datenimport zu deaktivieren.'); INSERT INTO txt VALUES ('H5156', 'English', 'Import Disabled: Flag if the data import is disabled.'); @@ -1551,6 +1573,8 @@ INSERT INTO txt VALUES ('H5201', 'English', 'Admins can create and administrate Deletion is only allowed, if it is not the internal Ldap (defined by the existence of a role search path) and if it is not the last Ldap.
The clone button helps defining new Ldaps by copying the data from existing ones. Before saving at least the address or port number have to be changed. '); +INSERT INTO txt VALUES ('H5210', 'German', 'Name*: Name des verbundenen Ldap. Kann frei gewählt werden. Wenn nicht vergeben, wird der Host (Adresse:Port) dargestellt.'); +INSERT INTO txt VALUES ('H5210', 'English', 'Name*: Name of the connected Ldap to be freely given. If not assigned the Host (Address:Port) is displayed.'); INSERT INTO txt VALUES ('H5211', 'German', 'Adresse*: Adresse des verbundenen Ldap (z.B. IP-Adresse)'); INSERT INTO txt VALUES ('H5211', 'English', 'Address*: Address of the connected Ldap (e.g. IP address).'); INSERT INTO txt VALUES ('H5212', 'German', 'Port*: Portnummer des verbundenen Ldap.'); @@ -1619,12 +1643,14 @@ INSERT INTO txt VALUES ('H5248', 'German', 'Gateways: Alle mit diesem Mandanten INSERT INTO txt VALUES ('H5248', 'English', 'Gateways: All gateways related to this tenant.'); INSERT INTO txt VALUES ('H5261', 'German', 'Hier werden alle dem System bekannten Nutzer dargestellt. Das sind alle im internen Ldap angelegten Nutzer, sowie Nutzer von externen Ldaps, die sich schon mindestens einmal angemeldet haben.
- Der Administrator kann Nutzer anlegen, ändern oder löschen. + Der Administrator kann Nutzer anlegen, ändern oder löschen. Beim Anlegen besteht auch die Möglichkeit, sofort Gruppen- und Rollenzugehörigkeiten festzulegen. + Weitere Gruppen- und Rollenzuordnungen können dann in den Abschnitten Gruppen bzw. Rollen erfolgen.
Wenn Beispieldaten (definiert durch die Endung "_demo" vom Nutzernamen) existieren, wird eine Schaltfläche angezeigt, um diese zu löschen. '); INSERT INTO txt VALUES ('H5261', 'English', 'Here all users known to the system are displayed. These are all users defined in the internal Ldap and users from external Ldaps who have already logged in at least once.
- The administrator can add, change or delete users. + The administrator can add, change or delete users. When adding there is the possibility to assign group or role memberships. + Further memberships can be administrated in the groups resp. roles sections.
If there are sample data (defined by the ending "_demo" of the user name), a button is displayed to delete them. '); INSERT INTO txt VALUES ('H5271', 'German', 'Aktionen: Nutzer können geklont, geändert oder gelöscht werden. @@ -1655,11 +1681,13 @@ INSERT INTO txt VALUES ('H5278', 'English', 'Pwd Chg Req: Flag that the user has The flag is set when a new user is added or when the admin has reset the password, except for users with auditor role, because that role is not allowed to make any changes in the system. '); -INSERT INTO txt VALUES ('H5301', 'German', 'Der Admin kann Nutzergruppen im internen Ldap definieren.
+INSERT INTO txt VALUES ('H5301', 'German', 'Der Admin kann Nutzergruppen im internen Ldap definieren. Dabei besteht die Möglichkeit, sie gleich einer Rolle zuzuordnen. + Weitere Rollenzuordnungen können dann unter Rollen erfolgen.
Wenn Beispieldaten (definiert durch die Endung "_demo" vom Gruppennamen) existieren, wird eine Schaltfläche angezeigt, um diese zu löschen. Die Löschung ist nicht möglich, wenn Nutzer, die nicht als Beispielnutzer gekennzeichnet sind (Name endet nicht auf "_demo"), der Gruppe zugeordnet sind. '); -INSERT INTO txt VALUES ('H5301', 'English', 'Groups of users can be defined by the admin in the internal Ldap.
+INSERT INTO txt VALUES ('H5301', 'English', 'Groups of users can be defined by the admin in the internal Ldap. When adding there is the possibility to assign a role membership. + Further memberships can be administrated in the roles section.
If there are sample data (defined by the ending "_demo" of the group name), a button is displayed to delete them. The deletion is only possible, if there are no non-sample users (user name not ending with "_demo") assigned to the group. '); @@ -1700,9 +1728,9 @@ INSERT INTO txt VALUES ('H5351', 'English', 'Search in one of the Nutzereinstellungen dargestellt wird.'); -INSERT INTO txt VALUES ('H5352', 'English', 'Select from the list of known users also displayed in the Users settings.'); -INSERT INTO txt VALUES ('H5353', 'German', 'Manuelle Eingabe des Distinguished name (Dn).'); -INSERT INTO txt VALUES ('H5353', 'English', 'Manually insert a new distinguished name (Dn).'); +INSERT INTO txt VALUES ('H5352', 'English', 'Select from the list of known users also displayed in the users settings.'); +INSERT INTO txt VALUES ('H5353', 'German', 'Auswahl aus der Liste der internen Gruppen, wie sie in den Gruppeneinstellungen dargestellt wird.'); +INSERT INTO txt VALUES ('H5353', 'English', 'Select from the list of internal groups also displayed in the groups settings.'); INSERT INTO txt VALUES ('H5401', 'German', 'Der Admin kann verschiedene Standardwerte definieren, die dann für alle Nutzer gelten.
Manche von ihnen können in den individuellen Nutzereinstellungen überschrieben werden. '); @@ -1790,22 +1818,33 @@ INSERT INTO txt VALUES ('H5481', 'English', 'A recertifier can overwrite some pe The default value is set by the admin in the Default Settings. '); -INSERT INTO txt VALUES ('H6001', 'German', 'Firewall Orchestrator hat eine GraphQl API welche auf Hasura basiert. - Diese erlaubt, flexibel den Zugang zu allen Daten der Datenbank und die Granularität der zurückgegebenen Daten zu steuern. -'); -INSERT INTO txt VALUES ('H6001', 'English', 'Firewall Orchestrator has a GraphQl API which is based on Hasura. - This allows us to flexibly provide access to all data in the database and also define the level of granularity the data is returned in. -'); -INSERT INTO txt VALUES ('H6011', 'German', 'Der Abschnitt "Einleitung" gibt einen kurzen Überblick in die zugrundeliegende Technologie wie GraphQl - und Hasura, gibt einen Einblick in die Sicherheits-Mechanismen sowie - weiterführendes Material. -'); -INSERT INTO txt VALUES ('H6011', 'English', 'The section "Introduction" provides a quick overview touching basic underlying technology like GraphQl - and Hasura, gives some insight into Security mechanisms as well as - further reading material. +INSERT INTO txt VALUES ('H6001', 'German', 'Firewall Orchestrator verfügt über zwei APIs: +
    +
  • Die Haupt- (oder FWO) API, die den Zugriff auf die Firewall-Nutzdaten erlaubt.
  • +
  • Die User Management API, mit deren Hilfe der die Firewall Orchestrator Nutzer ausgelesen oder geändert werden können.
  • +
+ Die FWO API ist eine GraphQl API, welche auf Hasura basiert. + Diese erlaubt es, flexibel den Zugang zu allen Daten der Datenbank und die Granularität der zurückgegebenen Daten zu steuern. +
+
+ Die User Management API ermöglicht sowohl die Benutzer-Authentifizierung als auch das Anlegen von lokalen Nutzern sowie die Vergabe von Berechtigungen in Form von Rollen oder Tenant-Zugehörigkeit auf Nutzer- und Nutzergruppenebene. +

+ Beim Testen der API-Zugriffe ohne gültiges Zertifikat kann der "--insecure" parameter bei den angegebenen curl Beispielen verwendet werden. +'); +INSERT INTO txt VALUES ('H6001', 'English', 'Firewall Orchestrator features two APIs: +
    +
  • The main (or FWO) API which allows access to the firewall configuration data
  • +
  • The User Management API which can be used to handle Firewall Orchestrator users
  • +
+ + The FWO API is a GraphQl API which is based on Hasura. + This allows us to flexibly provide access to all data in the database and also define the level of granularity the data is returned in.
+
+ The User Management API allows user authentication as well as user manipulation such as listing, adding, deleting, changing users and + their access permissions (roles and tenant memberships). +

+ Note that when API testing without a valid certificate installed for your API, consider using the "--insecure" parameter for your curl test calls. '); -INSERT INTO txt VALUES ('H6012', 'German', 'Das Kapitel "Wichtige Kommandos" liefert detailliertere Beispiele für die Nutzung der API.'); -INSERT INTO txt VALUES ('H6012', 'English', 'The chapter "Basic commands" gives more detailed examples for the usage of the API.'); INSERT INTO txt VALUES ('H6101', 'German', 'GraphQL nutzt einen leicht anderen Ansatz als REST, indem es keine fixen Entry points zur API definiert. Stattdessen hat man die Freiheit, eine exakt auf die gewünschte Detailtiefe angepasste Query zu nutzen. '); @@ -1813,13 +1852,13 @@ INSERT INTO txt VALUES ('H6101', 'English', 'GraphQL uses a slightly different a Instead you are free to use a custom query specifying exactly which level of detail you want to return each time. '); INSERT INTO txt VALUES ('H6102', 'German', 'GraphQL bietet eine interaktive Web-Oberfläche, die genutzt werden kann, um Querys und Mutations zu erstellen und zu testen.
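Review bot: The added H6001 texts (German and English) recommend curl's `--insecure` without saying what it switches off. With that option curl skips TLS certificate verification, so the credentials and the JWT sent in the documented test calls are not protected against an interceptor on the path. I would restrict the advice to test instances and name the alternative in the text, e.g. `On test systems without a valid certificate "--insecure" can be used; on production systems pass the CA certificate with "--cacert" instead.`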
- Sie kann unter folgendem Link erreicht werden: https://<Name ihrer Firewall Orchestrator-Instanz>:9443/api/. + Sie kann unter folgendem Link erreicht werden: https://"Name ihrer Firewall Orchestrator-Instanz":9443/api/. '); INSERT INTO txt VALUES ('H6102', 'English', 'GraphQL provides you with an interactive web user interface that can be used to construct and test queries as well as mutations.
- It can be accesses via the following link: https://<name of your firewall orchestrator instance>:9443/api/. + It can be accesses via the following link: https://"name of your firewall orchestrator instance":9443/api/. '); INSERT INTO txt VALUES ('H6103', 'German', 'Das Admin Kennwort kann auf dem API-Server in folgender Datei gefunden werden:'); -INSERT INTO txt VALUES ('H6103', 'English', 'Note that the admin secret can be found on the API server in following file:'); +INSERT INTO txt VALUES ('H6103', 'English', 'Note that the admin secret can be found on the API server in the following file:'); INSERT INTO txt VALUES ('H6201', 'German', 'Hasura stellt einen Link zur darunterliegenden PostgreSQL-Datenbank zur Verfügung.
Es implementiert eine Zugriffskontrollschicht und könnte auch einen REST API Zugang anbieten, falls Bedarf besteht. '); @@ -1850,8 +1889,8 @@ INSERT INTO txt VALUES ('H6501', 'German', 'Der Middlewareserver liefert den JW INSERT INTO txt VALUES ('H6501', 'English', 'The middleware server provides the JWT for authentication against the API.'); INSERT INTO txt VALUES ('H6601', 'German', 'Es gibt keine spezielle Abmeldefunktionalität. Wenn der JWT ungültig wird, kann die API einfach nicht mehr damit genutzt werden.'); INSERT INTO txt VALUES ('H6601', 'English', 'There is no specific logout functionality. When the JWT becomes invalid, API simply can no longer be made with this JWT.'); -INSERT INTO txt VALUES ('H6701', 'German', '(Bitte beachten, dass diese Query nicht funktionieren kann, da der JWT nicht mehr gültig ist.)'); -INSERT INTO txt VALUES ('H6701', 'English', '(Note that the query will not work as the sample JWT is not valid anymore.)'); +INSERT INTO txt VALUES ('H6701', 'German', '(Bitte ihren aktuellen JWT in der Query einsetzen. Der hier angegebene JWT ist nicht mehr gültig.)'); +INSERT INTO txt VALUES ('H6701', 'English', '(Note that the query will not work as the sample JWT is not valid anymore. Please use a current JWT.)'); INSERT INTO txt VALUES ('H6702', 'German', 'Ergebnis auf einem System mit Beispieldaten:'); INSERT INTO txt VALUES ('H6702', 'English', 'Result on a system with demo data:'); INSERT INTO txt VALUES ('H6801', 'German', 'Folgende Mutation (funktioniert noch nicht) setzt die Sprache vom Nutzer mit der Id 1 auf Deutsch:'); diff --git a/roles/database/files/sql/test/hasura-test.sql b/roles/database/files/sql/test/hasura-test.sql new file mode 100644 index 000000000..bf6599c54 --- /dev/null +++ b/roles/database/files/sql/test/hasura-test.sql 
@@ -0,0 +1,31 @@
+
+-- cannot test hasura before API was installed, so can only run this on upgrade
+
+BEGIN;
+
+CREATE EXTENSION IF NOT EXISTS pgtap;
+
+-- CREATE OR REPLACE FUNCTION hdb_catalog.test_1_hdb_catalog_schema()
+-- RETURNS SETOF TEXT LANGUAGE plpgsql AS $$
+-- BEGIN
+-- RETURN NEXT has_table( 'hdb_catalog.hdb_action_log' );
+-- RETURN NEXT has_table( 'hdb_catalog.hdb_metadata' );
+-- RETURN NEXT has_table( 'hdb_catalog.hdb_version' );
+-- END;
+-- $$;
+
+CREATE OR REPLACE FUNCTION hdb_catalog.test_2_hdb_catalog_data()
+RETURNS SETOF TEXT LANGUAGE plpgsql AS $$
+BEGIN
+ RETURN NEXT results_eq('SELECT cast((select COUNT(*) FROM hdb_catalog.hdb_metadata) as integer)', 'SELECT cast (1 as integer)', 'there should be exactly one metadata entry');
+END;
+$$;
+
+CREATE OR REPLACE FUNCTION hdb_catalog.shutdown_1() RETURNS VOID LANGUAGE plpgsql AS $$
+BEGIN
+ drop function if exists hdb_catalog.test_1_hdb_catalog_schema();
+ drop function if exists hdb_catalog.test_2_hdb_catalog_data();
+END;
+$$;
+
+SELECT * FROM runtests('hdb_catalog'::name);
diff --git a/roles/database/files/sql/test/test-basic-procs.sql b/roles/database/files/sql/test/test-basic-procs.sql
deleted file mode 100644
index 58a1381b2..000000000
--- a/roles/database/files/sql/test/test-basic-procs.sql
+++ /dev/null
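Review bot: `BEGIN;` opens a transaction that the script never closes, so whether `CREATE EXTENSION pgtap` and the helper functions created in `hdb_catalog` persist depends on how the calling session ends. `hdb_catalog` appears to be Hasura's own catalog schema, and `shutdown_1()` drops the two test functions but not itself, so a committed run leaves a test function behind in that schema. Ending the script with `ROLLBACK;` after the `runtests(...)` call would leave the schema untouched; if the caller needs the result rows of the last statement, drop `hdb_catalog.shutdown_1()` explicitly in unit-test-cleanup.sql instead. unit-tests.sql in this commit has the same shape for schema `public`.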
@@ -1,51 +0,0 @@ -\set ECHO none -\set QUIET 1 -\set ON_ERROR_ROLLBACK 1 -\set ON_ERROR_STOP true -\set QUIET 1 - -\pset format unaligned -\pset tuples_only true -\pset pager - -CREATE EXTENSION pgtap; - -BEGIN; -SELECT plan(14); - -SELECT is(select * from is_obj_group(select obj_id from object where obj_name='AuxiliaryNet'), false); -SELECT is(select * from is_obj_group(select obj_id from object where obj_name='CactusDA'), true); - -SELECT * FROM finish(); -ROLLBACK; - --- SELECT --- is(sign('{"sub":"1234567890","name":"John Doe","admin":true}', 'secret'), --- 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ'); - --- INSERT into object () values (); - --- SELECT --- throws_ok( --- $$SELECT header::text, payload::text, valid FROM verify( --- 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', --- 'secret', 'bogus')$$, --- '22023', --- 'Cannot use "": No such hash algorithm', --- 'verify() should raise on bogus algorithm' --- ); - --- SELECT throws_ok( -- bogus header --- $$SELECT header::text, payload::text, valid FROM verify( --- 'eyJhbGciOiJIUzI1NiIBOGUScCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', --- 'secret', 'HS256')$$ --- ); - --- SELECT --- results_eq( --- $$SELECT header::text, payload::text, valid FROM verify( --- 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', --- 'secret')$$, --- $$VALUES ('{"alg":"HS256","typ":"JWT"}', '{"sub":"1234567890","name":"John Doe","admin":true}', true)$$, --- 'verify() should return return data marked valid' --- ); 
diff --git a/roles/database/files/sql/test/unit-test-cleanup.sql b/roles/database/files/sql/test/unit-test-cleanup.sql
new file mode 100644
index 000000000..340756871
--- /dev/null
+++ b/roles/database/files/sql/test/unit-test-cleanup.sql
@@ -0,0 +1,3 @@
+drop extension if exists pgtap;
+-- drop function if exists test_1_schema();
+-- drop function if exists test_2_functions();
\ No newline at end of file
diff --git a/roles/database/files/sql/test/unit-tests.sql b/roles/database/files/sql/test/unit-tests.sql
new file mode 100644
index 000000000..c293e76e4
--- /dev/null
+++ b/roles/database/files/sql/test/unit-tests.sql
@@ -0,0 +1,32 @@
+
+BEGIN;
+CREATE EXTENSION IF NOT EXISTS pgtap;
+
+CREATE OR REPLACE FUNCTION public.test_1_schema()
+RETURNS SETOF TEXT LANGUAGE plpgsql AS $$
+BEGIN
+ RETURN NEXT has_table( 'object' );
+ RETURN NEXT has_table( 'rule' );
+ RETURN NEXT has_table( 'service' );
+ RETURN NEXT has_table( 'usr' );
+ RETURN NEXT hasnt_table( 'rule_order' );
+END;
+$$;
+
+CREATE OR REPLACE FUNCTION public.test_2_functions()
+RETURNS SETOF TEXT LANGUAGE plpgsql AS $$
+BEGIN
+ RETURN NEXT results_eq('SELECT * FROM are_equal(CAST(''1.2.3.4'' AS CIDR),CAST(''1.2.3.4/32'' AS CIDR))', 'SELECT TRUE', 'cidr are_equal should return true');
+ RETURN NEXT results_eq('SELECT * FROM are_equal(7*0, 0)', 'SELECT TRUE', 'int are_equal should return true');
+ RETURN NEXT results_eq('SELECT * FROM remove_spaces('' abc '')', 'SELECT CAST(''abc'' AS VARCHAR)', 'remove_spaces should return abc');
+END;
+$$;
+
+CREATE OR REPLACE FUNCTION public.shutdown_1() RETURNS VOID LANGUAGE plpgsql AS $$
+BEGIN
+ drop function if exists test_1_schema();
+ drop function if exists test_2_functions();
+END;
+$$;
+
+SELECT * FROM runtests('public'::name);
diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml
index 64bdfcf39..a0a140fc4 100644
--- a/roles/database/tasks/main.yml
+++ b/roles/database/tasks/main.yml
@@ -164,7 +164,7 @@ copy: src="{{ item }}" dest="{{ database_install_dir }}" owner="{{ fworch_user }}" group="{{ fworch_user }}" loop: - csv - - sql + - sql - name: create tablespace directory file: @@ -196,6 +196,11 @@ - name: (re)define functions and views import_tasks: recreate-functions-and-views.yml +- name: run unit tests + import_tasks: run-unit-tests.yml + when: not installation_mode == "uninstall" + tags: [ 'never', 'unittest' ] + - name: finalize handler for datarecovery set_fact: database_handler_guard: stop diff --git a/roles/database/tasks/run-unit-tests.yml b/roles/database/tasks/run-unit-tests.yml new file mode 100644 index 000000000..1983218a1 --- /dev/null +++ b/roles/database/tasks/run-unit-tests.yml @@ -0,0 +1,34 @@ + +- name: copy database test files to backend target + copy: src="sql/test" dest="{{ database_install_dir }}/sql" owner="{{ fworch_user }}" group="{{ fworch_user }}" + become: yes + +- set_fact: + unit_test_scripts: + - unit-tests.sql + - hasura-test.sql + - unit-test-cleanup.sql +# when: installation_mode == 'upgrade' + +# # do not run hasura tests during first install (as the tables are not there yet) +# - set_fact: +# unit_test_scripts: +# - unit-tests.sql +# - unit-test-cleanup.sql +# when: installation_mode == 'new' + +- name: run db unit tests + postgresql_query: + db: "{{ fworch_db_name }}" + path_to_script: "{{ database_install_dir }}/sql/test/{{ item }}" + become: yes + become_user: "postgres" + register: testresults + loop: "{{ unit_test_scripts }}" + tags: + - unittest + - test + +- name: Print db test results + debug: + msg: "test results: {{ testresults | to_nice_json }}" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index bb76bfcfc..5acf14951 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml 
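Review bot: In run-unit-tests.yml `unit_test_scripts` always contains `hasura-test.sql`, because the `when: installation_mode == 'upgrade'` condition and the alternative `set_fact` for `'new'` are commented out, although hasura-test.sql says in its first comment that it can only run on upgrade. On a first install the `hdb_catalog` tables may not exist yet, so the run would presumably fail there; re-enabling the two commented conditions restores the intended split. The inner `tags: [unittest, test]` on "run db unit tests" also looks fragile: as far as I can tell, `--tags test` selects that task but not the `copy` and `set_fact` tasks, which only inherit `never` and `unittest` from the import in main.yml, leaving `unit_test_scripts` undefined. Since the scripts run as `postgres` against `{{ fworch_db_name }}` and create an extension there, a header comment stating that the run is opt-in and what it changes in the database would help.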
@@ -16,9 +16,10 @@ apt_key: url: https://download.docker.com/linux/ubuntu/gpg state: present - environment: - https_proxy: "{{ https_proxy }}" - when: https_proxy is defined + environment: "{{ proxy_env }}" + # environment: + # https_proxy: "{{ https_proxy }}" + # when: https_proxy is defined - name: add docker repo lineinfile: diff --git a/roles/importer/files/importer/CACTUS/FWORCH.pm b/roles/importer/files/importer/CACTUS/FWORCH.pm index 3421f4112..5074766b2 100644 --- a/roles/importer/files/importer/CACTUS/FWORCH.pm +++ b/roles/importer/files/importer/CACTUS/FWORCH.pm @@ -64,7 +64,7 @@ our $LDAP_o = &CACTUS::read_config::read_config("LDAP_o"); our $LDAP_server = &CACTUS::read_config::read_config("LDAP_server"); our $dbdriver = "Pg"; #our $ssh_id_basename = 'id_dsa'; -our $ssh_id_basename = 'id_rsa'; +our $ssh_id_basename = 'import_user_secret'; ############################################################ # getnum diff --git a/roles/importer/files/importer/CACTUS/FWORCH/import/checkpointR8x.pm b/roles/importer/files/importer/CACTUS/FWORCH/import/checkpointR8x.pm index ab1c8cf71..69d226ca0 100644 --- a/roles/importer/files/importer/CACTUS/FWORCH/import/checkpointR8x.pm +++ b/roles/importer/files/importer/CACTUS/FWORCH/import/checkpointR8x.pm @@ -124,11 +124,8 @@ sub copy_config_from_mgm_to_iso { my $enrich_cmd; my $rulebase_names = get_ruleset_name_list($rulebase_names_hash_ref); - # first extract password from $ssh_id_basename (normally containing ssh priv key) - my $pwd = `cat $workdir/$CACTUS::FWORCH::ssh_id_basename`; if ( ${^CHILD_ERROR_NATIVE} ) { $fehler_count++; } - chomp($pwd); if ( -r "$workdir/${CACTUS::FWORCH::ssh_id_basename}.pub" ) { $ssl_verify = "-s $workdir/${CACTUS::FWORCH::ssh_id_basename}.pub"; } 
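Review bot: In the checkpointR8x.pm hunk the context line `if ( ${^CHILD_ERROR_NATIVE} ) { $fehler_count++; }` is left behind after the backtick `cat` it belonged to was removed, so it now tests the exit status of whatever child process ran last before this point. It should go together with the `cat`. If the importer is still meant to fail early on a missing secret file, an explicit test states that intent: `unless ( -r "$workdir/$CACTUS::FWORCH::ssh_id_basename" ) { $fehler_count++; }`. `copy_config_from_mgm_to_iso` starts and ends outside the hunk.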
@@ -142,9 +139,9 @@ sub copy_config_from_mgm_to_iso { $lib_path = "$base_path/checkpointR8x"; $get_config_bin = "$lib_path/get_config.py"; $enrich_config_bin = "$lib_path/enrich_config.py"; - $get_cmd = "$python_bin $get_config_bin -a $api_hostname -w '$pwd' -l '$rulebase_names' -u $api_user $api_port_setting $ssl_verify $domain_setting -o '$cfg_dir/$obj_file_base' -d $debug_level"; - $enrich_cmd = "$python_bin $enrich_config_bin -a $api_hostname -w '$pwd' -l '$rulebase_names' -u $api_user $api_port_setting $ssl_verify $domain_setting -c '$cfg_dir/$obj_file_base' -d $debug_level"; - + $get_cmd = "$python_bin $get_config_bin -a $api_hostname -w '$workdir/$CACTUS::FWORCH::ssh_id_basename' -l '$rulebase_names' -u $api_user $api_port_setting $ssl_verify $domain_setting -o '$cfg_dir/$obj_file_base' -d $debug_level"; + $enrich_cmd = "$python_bin $enrich_config_bin -a $api_hostname -w '$workdir/$CACTUS::FWORCH::ssh_id_basename' -l '$rulebase_names' -u $api_user $api_port_setting $ssl_verify $domain_setting -c '$cfg_dir/$obj_file_base' -d $debug_level"; + if ($debug_level>0) { print("getting config with command: $get_cmd\n"); } diff --git a/roles/importer/files/importer/checkpointR8x/enrich_config.py b/roles/importer/files/importer/checkpointR8x/enrich_config.py index 08a93a44e..35f297dcd 100755 --- a/roles/importer/files/importer/checkpointR8x/enrich_config.py +++ b/roles/importer/files/importer/checkpointR8x/enrich_config.py 
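Review bot: `$get_cmd` and `$enrich_cmd` are still assembled as one shell string, with `$api_hostname`, `$api_user` and `$domain_setting` interpolated unquoted and `$rulebase_names` placed between single quotes without escaping. Passing the path of the secret file keeps the password out of the argument list and out of the `print("getting config with command: $get_cmd\n")` debug output, but a configuration value that contains a quote or a shell metacharacter still changes the command that runs. How the strings are executed is outside the hunk; if it is `system` or backticks, the list form of `system` with one element per argument avoids the shell altogether. The sub continues outside the hunk.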
@@ -8,7 +8,7 @@ parser = argparse.ArgumentParser(description='Read configuration from Check Point R8x management via API calls') parser.add_argument('-a', '--apihost', metavar='api_host', required=True, help='Check Point R8x management server') -parser.add_argument('-w', '--password', metavar='api_password', required=True, help='password for management server') +parser.add_argument('-w', '--password', metavar='api_password_file', default='import_user_secret', help='name of the file to read the password for management server from') parser.add_argument('-u', '--user', metavar='api_user', default='fworch', help='user for connecting to Check Point R8x management server, default=fworch') parser.add_argument('-p', '--port', metavar='api_port', default='443', help='port for connecting to Check Point R8x management server, default=443') parser.add_argument('-D', '--domain', metavar='api_domain', default='', help='name of Domain in a Multi-Domain Envireonment') @@ -29,7 +29,9 @@ api_host = args.apihost api_port = args.port config_filename = args.configfile -api_password = args.password + +with open(args.password, "r") as password_file: + api_password = password_file.read().rstrip() api_domain = args.domain test_version = args.testing proxy_string = { "http" : args.proxy, "https" : args.proxy } diff --git a/roles/importer/files/importer/checkpointR8x/get_config.py b/roles/importer/files/importer/checkpointR8x/get_config.py index 25d81807b..5d8a98fef 100755 --- a/roles/importer/files/importer/checkpointR8x/get_config.py +++ b/roles/importer/files/importer/checkpointR8x/get_config.py 
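Review bot: `password_file.read().rstrip()` removes every trailing whitespace character, so a password that ends in a space or tab is silently altered; `api_password = password_file.read().rstrip('\n')` strips only the line ending. The `-w` option also lost `required=True` and now defaults to the relative name `import_user_secret`, which is resolved against the current working directory, and a missing or unreadable file ends in an unhandled traceback from `open()`. The option is still called `--password` although it now takes a path, so the help text is the only hint for callers. The same lines are added to get_config.py in this commit.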
@@ -29,7 +29,8 @@ parser = argparse.ArgumentParser(description='Read configuration from Check Point R8x management via API calls') parser.add_argument('-a', '--apihost', metavar='api_host', required=True, help='Check Point R8x management server') -parser.add_argument('-w', '--password', metavar='api_password', required=True, help='password for management server') +#parser.add_argument('-m', '--mgmid', metavar='management_id', required=True, default='fworch', help='database id of the management system to import') +parser.add_argument('-w', '--password', metavar='api_password_file', default='import_user_secret', help='name of the file to read the password for management server from') parser.add_argument('-u', '--user', metavar='api_user', default='fworch', help='user for connecting to Check Point R8x management server, default=fworch') parser.add_argument('-p', '--port', metavar='api_port', default='443', help='port for connecting to Check Point R8x management server, default=443') parser.add_argument('-D', '--domain', metavar='api_domain', default='', help='name of Domain in a Multi-Domain Envireonment') @@ -49,7 +50,8 @@ api_host = args.apihost api_port = args.port config_filename = args.out -api_password = args.password +with open(args.password, "r") as password_file: + api_password = password_file.read().rstrip() api_domain = args.domain proxy_string = { "http" : args.proxy, "https" : args.proxy } offset = 0 @@ -71,7 +73,6 @@ sid = getter.login(args.user,api_password,api_host,args.port,api_domain,ssl_verification, proxy_string) v_url = getter.get_api_url (sid, api_host, args.port, args.user, base_url, limit, test_version,ssl_verification, proxy_string) - config_json = { 'rulebases': [] } show_params_rules = {'limit':limit,'use-object-dictionary':use_object_dictionary,'details-level':details_level} diff --git a/roles/lib/files/FWO.ApiConfig/FWO.Config.csproj b/roles/lib/files/FWO.ApiConfig/FWO.Config.csproj index d3af4ea19..d6eb03794 100644 
--- a/roles/lib/files/FWO.ApiConfig/FWO.Config.csproj +++ b/roles/lib/files/FWO.ApiConfig/FWO.Config.csproj @@ -5,7 +5,7 @@ - + diff --git a/roles/lib/files/FWO.Middleware.Client/FWO.Middleware.Client.csproj b/roles/lib/files/FWO.Middleware.Client/FWO.Middleware.Client.csproj index e12cbfc7b..1ac8a0728 100644 --- a/roles/lib/files/FWO.Middleware.Client/FWO.Middleware.Client.csproj +++ b/roles/lib/files/FWO.Middleware.Client/FWO.Middleware.Client.csproj @@ -5,7 +5,7 @@ - + diff --git a/roles/lib/files/FWO_API_Client/Data/LdapConnection.cs b/roles/lib/files/FWO_API_Client/Data/LdapConnection.cs index ac8c17c60..72244ab12 100644 --- a/roles/lib/files/FWO_API_Client/Data/LdapConnection.cs +++ b/roles/lib/files/FWO_API_Client/Data/LdapConnection.cs @@ -114,6 +114,16 @@ public bool IsWritable() return (WriteUser != null && WriteUser != ""); } + public bool HasGroupHandling() + { + return (GroupSearchPath != null && GroupSearchPath != ""); + } + + public bool HasRoleHandling() + { + return (RoleSearchPath != null && RoleSearchPath != ""); + } + public bool IsInternal() { return ((new DistName(UserSearchPath)).IsInternal()); diff --git a/roles/lib/files/FWO_API_Client/Data/UiUser.cs b/roles/lib/files/FWO_API_Client/Data/UiUser.cs index db6d223e3..d63ced40b 100644 --- a/roles/lib/files/FWO_API_Client/Data/UiUser.cs +++ b/roles/lib/files/FWO_API_Client/Data/UiUser.cs @@ -35,12 +35,12 @@ public class UiUser [JsonPropertyName("uiuser_password_must_be_changed")] public bool PasswordMustBeChanged { get; set; } - [JsonPropertyName("ldap_connection")] + [JsonPropertyName("ldap_connection")] public UiLdapConnection LdapConnection { get; set;} public string DefaultRole { get; set; } - public string[] Roles { get; set; } + public List Roles { get; set; } public string Jwt { get; set; } 
@@ -68,6 +68,10 @@ public UiUser(UiUser user) { Groups = user.Groups; } + if (user.Roles != null) + { + Roles = user.Roles; + } if (user.LdapConnection != null) { LdapConnection = new UiLdapConnection(user.LdapConnection); diff --git a/roles/lib/files/FWO_API_Client/Data/UserGroup.cs b/roles/lib/files/FWO_API_Client/Data/UserGroup.cs index 36ac641a2..e37188faa 100644 --- a/roles/lib/files/FWO_API_Client/Data/UserGroup.cs +++ b/roles/lib/files/FWO_API_Client/Data/UserGroup.cs @@ -7,6 +7,7 @@ public class UserGroup public string Name; public string Dn; public List Users { get; set; } + public List Roles { get; set; } public UserGroup() { @@ -21,6 +22,11 @@ public UserGroup(UserGroup group) { Users = new List(group.Users); } + if (group.Roles != null) + { + Roles = group.Roles; + } + } public string UserList() diff --git a/roles/lib/files/FWO_Config/FWO.Config.File.csproj b/roles/lib/files/FWO_Config/FWO.Config.File.csproj index 9f67531a7..977242f02 100644 --- a/roles/lib/files/FWO_Config/FWO.Config.File.csproj +++ b/roles/lib/files/FWO_Config/FWO.Config.File.csproj @@ -5,7 +5,7 @@ - + diff --git a/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj b/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj index 94dbc4dea..550d6317d 100644 --- a/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj +++ b/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj @@ -5,7 +5,7 @@ - + diff --git a/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs b/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs index beb985941..9f5a6298e 100644 --- a/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs +++ b/roles/middleware/files/FWO.Middleware.Server/JwtWriter.cs 
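Review bot: `Roles = user.Roles;` in the `UiUser` copy constructor, and `Roles = group.Roles;` in the `UserGroup` one, copy only the reference, so original and copy share one list that can now grow and shrink. A role added to or removed from the copy then also changes the source object, whereas `UserGroup` copies `Users` with `new List(group.Users)` a few lines above. `Roles = new List<string>(user.Roles);` (and the same for `group.Roles`) keeps the copies independent; the element type `string` is assumed here because the generic arguments are not shown on the page. Both constructors continue outside their hunks.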
@@ -37,7 +37,7 @@ public async Task CreateJWT(UiUser user = null) if (user != null) subject = GetClaims(await (new UiUserHandler()).handleUiUserAtLogin(user, CreateJWTMiddlewareServer())); else - subject = GetClaims(new UiUser() { Name = "", Password = "", Dn = "anonymous", Roles = new string[] { "anonymous" } }); + subject = GetClaims(new UiUser() { Name = "", Password = "", Dn = "anonymous", Roles = new List { "anonymous" } }); // adding uiuser.uiuser_id as x-hasura-user-id to JWT // Create JWToken @@ -105,7 +105,7 @@ private ClaimsIdentity GetClaims(UiUser user) } // adding roles - string[] roles = user.Roles; + string[] roles = user.Roles.ToArray(); // we need to create an extra list beacause hasura only accepts an array of roles even if there is only one List hasuraRolesList = new List(); diff --git a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs index 007c0cd0a..ccc8f0881 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs @@ -83,14 +83,29 @@ private LdapConnection Connect() } } + public string Host() + { + return Address + ":" + Port; + } + public bool IsWritable() { return (WriteUser != null && WriteUser != ""); } - public string Host() + public bool HasGroupHandling() { - return Address + ":" + Port; + return (GroupSearchPath != null && GroupSearchPath != ""); + } + + public bool HasRoleHandling() + { + return (RoleSearchPath != null && RoleSearchPath != ""); + } + + public bool IsInternal() + { + return ((new DistName(UserSearchPath)).IsInternal()); } private string getUserSearchFilter(string searchPattern) @@ -290,9 +305,9 @@ public string SetPassword(string userDn, string newPassword) return ""; } - public string[] GetRoles(List dnList) + public List GetRoles(List dnList) { - return GetMemberships(dnList, RoleSearchPath).ToArray(); + return GetMemberships(dnList, RoleSearchPath); } public List GetGroups(List dnList) 
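Review bot: `user.Roles.ToArray()` in `GetClaims` throws a `NullReferenceException` when `Roles` was never set, and the `UiUser` copy constructor in this commit checks `user.Roles != null`, which suggests that state can occur. Because this code builds the role claims of the JWT, the no-roles case deserves an explicit decision rather than an exception from inside token creation: either reject the login with a clear message, or continue with an empty list, `var roles = user.Roles ?? new List<string>();`. If the code below only iterates the roles, the array copy is no longer needed at all. `GetClaims` continues outside the hunk.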
@@ -305,7 +320,7 @@ public List GetMemberships(List dnList, string searchPath) List userMemberships = new List(); // If this Ldap is containing roles / groups - if (searchPath != null) + if (searchPath != null && searchPath != "") { try { @@ -364,7 +379,7 @@ public List>>> GetAllRole List>>> roleUsers = new List>>>(); // If this Ldap is containing roles - if (RoleSearchPath != null) + if (HasRoleHandling()) { try { @@ -740,19 +755,16 @@ public bool RemoveUserFromAllEntries(string userDn) { List dnList = new List(); dnList.Add(userDn); // group memberships do not need to be regarded here - string[] roles = GetRoles(dnList); + List roles = GetRoles(dnList); bool allRemoved = true; foreach(var role in roles) { allRemoved &= RemoveUserFromEntry(userDn, $"cn={role},{RoleSearchPath}"); } - if(GroupSearchPath != null && GroupSearchPath != "") + List groups = GetGroups(dnList); + foreach(var group in groups) { - List groups = GetGroups(dnList); - foreach(var group in groups) - { - allRemoved &= RemoveUserFromEntry(userDn, $"cn={group},{GroupSearchPath}"); - } + allRemoved &= RemoveUserFromEntry(userDn, $"cn={group},{GroupSearchPath}"); } return allRemoved; } diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/AddGroupRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/AddGroupRequestHandler.cs index d51e2a0e5..d6a2c9dea 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/AddGroupRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/AddGroupRequestHandler.cs 
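Review bot: In `RemoveUserFromAllEntries` the entry DNs are built by plain interpolation, `$"cn={role},{RoleSearchPath}"` and `$"cn={group},{GroupSearchPath}"`, without escaping the name. Group names are passed in through the AddGroup handler and are probably user-defined, so a name that contains a comma, plus sign or another DN special character would give a DN that matches nothing or a different entry. Whether `GetGroups` already returns escaped values is not visible here; if it does not, the name should be escaped per RFC 4514 before it is placed in the DN. The method starts outside the hunk.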
@@ -30,13 +30,13 @@ public AddGroupRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { - // if current Ldap is internal: Try to add group to current Ldap - if (currentLdap.IsWritable() && currentLdap.GroupSearchPath != null && currentLdap.GroupSearchPath != "") + // Try to add group to current Ldap + if (currentLdap.IsInternal() && currentLdap.IsWritable() && currentLdap.HasGroupHandling()) { await Task.Run(() => { groupAdded = currentLdap.AddGroup(groupName); - Log.WriteAudit("AddGroup", $"group {groupAdded} successfully added"); + if (groupAdded != "") Log.WriteAudit("AddGroup", $"group {groupAdded} successfully added to {currentLdap.Host()}"); }); } } diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/AddTenantRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/AddTenantRequestHandler.cs index 042db84a0..b51281944 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/AddTenantRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/AddTenantRequestHandler.cs 
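Review bot: `groupAdded` is overwritten on every loop iteration, so with more than one internal, writable LDAP the value returned to the caller reflects only the last one, and a failed attempt leaves no audit entry because `Log.WriteAudit` now runs only on success. For an administrative action the failed attempt is worth recording as well, e.g. `else Log.WriteAudit("AddGroup", $"adding group {groupName} to {currentLdap.Host()} failed");`. The same pattern is in the AddTenant, AddUser and AddUserToGroup handlers changed in this commit. The handler method starts and ends outside the hunk.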
@@ -27,23 +27,22 @@ public AddTenantRequestHandler(List Ldaps, APIConnection ApiConn) string tenantName = GetRequestParameter("TenantName", notNull: true); bool tenantAdded = false; - List ldapRoleRequests = new List(); - + foreach (Ldap currentLdap in Ldaps) { - // if current Ldap is internal: Try to add tenant in current Ldap - if (currentLdap.IsWritable()) + // Try to add tenant in current Ldap + if (currentLdap.IsInternal() && currentLdap.IsWritable()) { await Task.Run(() => { tenantAdded = currentLdap.AddTenant(tenantName); - Log.WriteAudit("AddTenant", $"Tenant {tenantAdded} successfully added"); + if (tenantAdded) Log.WriteAudit("AddTenant", $"Tenant {tenantName} successfully added to {currentLdap.Host()}"); }); } } // Return status and result - return WrapResult(HttpStatusCode.OK, ("tenantAdded", tenantAdded.ToString())); + return WrapResult(HttpStatusCode.OK, ("tenantAdded", tenantAdded)); } } } diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserRequestHandler.cs index 7ac899e0c..c45763a32 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserRequestHandler.cs @@ -33,13 +33,13 @@ public AddUserRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { + // Try to add user to current Ldap if (currentLdap.Host() == ldap && currentLdap.IsWritable()) { await Task.Run(() => { - // Try to add user to current Ldap userAdded = currentLdap.AddUser(userDn, password, email); - if (userAdded) Log.WriteAudit("AddUser", $"user {userDn} successfully added"); + if (userAdded) Log.WriteAudit("AddUser", $"user {userDn} successfully added to {ldap}"); }); } } 
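Review bot: `tenantAdded` is assigned on every iteration, so with more than one internal writable LDAP the response reports only the last directory's outcome, and a tenant that was created in one directory can still be reported as `false`. AddUserToRole in this commit keeps a sticky flag instead; here that would be `bool added = currentLdap.AddTenant(tenantName); tenantAdded |= added;` followed by `if (added) Log.WriteAudit(...)`. The result also changes from a string to a bool in `WrapResult`, so clients that parse `tenantAdded` as text need to change in the same release. The handler's body starts outside the hunk.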
diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserToGroupRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserToGroupRequestHandler.cs index d8b2cf2bb..f065c68d8 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserToGroupRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserToGroupRequestHandler.cs @@ -31,13 +31,13 @@ public AddUserToGroupRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { - // if current Ldap is internal: Try to add user to group in current Ldap - if (currentLdap.IsWritable() && currentLdap.GroupSearchPath != null && currentLdap.GroupSearchPath != "") + // Try to add user to group in current Ldap + if (currentLdap.IsInternal() && currentLdap.IsWritable() && currentLdap.HasGroupHandling()) { await Task.Run(() => { userAdded = currentLdap.AddUserToEntry(userDn, group); - Log.WriteAudit("AddUserToGroup", $"user {userAdded} successfully added to group {group}"); + if (userAdded) Log.WriteAudit("AddUserToGroup", $"user {userDn} successfully added to group {group} in {currentLdap.Host()}"); }); } } diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserToRoleRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserToRoleRequestHandler.cs index 8a9a3bc71..47250c826 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserToRoleRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/AddUserToRoleRequestHandler.cs 
@@ -32,15 +32,18 @@ public AddUserToRoleRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { - ldapRoleRequests.Add(Task.Run(() => + // Try to add user to role in current Ldap + if (currentLdap.IsWritable() && currentLdap.HasRoleHandling()) { - // if current Ldap has roles stored: Try to add user to role in current Ldap - if (currentLdap.RoleSearchPath != null && currentLdap.RoleSearchPath != "" && currentLdap.AddUserToEntry(userDn, role)) + ldapRoleRequests.Add(Task.Run(() => { - userAdded = true; - Log.WriteAudit("AddUserToRole", $"user {userDn} successfully added to group {role}"); - } - })); + if(currentLdap.AddUserToEntry(userDn, role)) + { + userAdded = true; + Log.WriteAudit("AddUserToRole", $"user {userDn} successfully added to role {role} in {currentLdap.Host()}"); + } + })); + } } await Task.WhenAll(ldapRoleRequests); diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/AuthenticationRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/AuthenticationRequestHandler.cs index db1618d9b..49aaa5bf4 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/AuthenticationRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/AuthenticationRequestHandler.cs @@ -47,7 +47,7 @@ public AuthenticationRequestHandler(List Ldaps, JwtWriter tokenGenerator, // Return status and result HttpStatusCode status; - if(user.Roles.Length == 0 || user.Roles[0] == "anonymous") + if(user.Roles.Count == 0 || user.Roles[0] == "anonymous") { status = HttpStatusCode.PreconditionFailed; } @@ -136,7 +136,7 @@ public async Task GetLdapDistinguishedName(UiUser user) throw new Exception("A0002 Invalid credentials"); } - public async Task GetRoles(UiUser user) + public async Task> GetRoles(UiUser user) { List dnList = new List(); dnList.Add(user.Dn); 
@@ -151,20 +151,20 @@ public async Task GetRoles(UiUser user) foreach (Ldap currentLdap in Ldaps) { - ldapRoleRequests.Add(Task.Run(() => + // if current Ldap has roles stored + if (currentLdap.HasRoleHandling()) { - // if current Ldap has roles stored - if (currentLdap.RoleSearchPath != "") + ldapRoleRequests.Add(Task.Run(() => { // Get roles from current Ldap - string[] currentRoles = currentLdap.GetRoles(dnList); + List currentRoles = currentLdap.GetRoles(dnList); lock(rolesLock) { UserRoles.AddRange(currentRoles); } - } - })); + })); + } } await Task.WhenAll(ldapRoleRequests); @@ -177,7 +177,7 @@ public async Task GetRoles(UiUser user) UserRoles.Add("anonymous"); } - return UserRoles.ToArray(); + return UserRoles; } public async Task GetTenantAsync(UiUser user) diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/ChangePasswordHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/ChangePasswordRequestHandler.cs similarity index 96% rename from roles/middleware/files/FWO.Middleware.Server/Requests/ChangePasswordHandler.cs rename to roles/middleware/files/FWO.Middleware.Server/Requests/ChangePasswordRequestHandler.cs index 6bd9bffda..3b5d41b67 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/ChangePasswordHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/ChangePasswordRequestHandler.cs @@ -31,7 +31,7 @@ public ChangePasswordRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { - // if current Ldap is internal: Try to change password in current Ldap + // if current Ldap is writable: Try to change password in current Ldap if (currentLdap.IsWritable()) { await Task.Run(async () => diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteGroupRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteGroupRequestHandler.cs index ecf447377..125094dd1 100644 
--- a/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteGroupRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteGroupRequestHandler.cs @@ -30,13 +30,13 @@ public DeleteGroupRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { - // if current Ldap is internal: Try to delete group in current Ldap - if (currentLdap.IsWritable() && currentLdap.GroupSearchPath != null && currentLdap.GroupSearchPath != "") + // Try to delete group in current Ldap + if (currentLdap.IsInternal() && currentLdap.IsWritable() && currentLdap.HasGroupHandling()) { await Task.Run(() => { groupDeleted = currentLdap.DeleteGroup(groupDn); - Log.WriteAudit("DeleteGroup", $"Group {groupDeleted} deleted"); + if (groupDeleted) Log.WriteAudit("DeleteGroup", $"Group {groupDn} deleted from {currentLdap.Host()}"); }); } } diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteTenantRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteTenantRequestHandler.cs index a9284bd7d..5fe295c7b 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteTenantRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteTenantRequestHandler.cs 
@@ -27,23 +27,22 @@ public DeleteTenantRequestHandler(List Ldaps, APIConnection ApiConn) string tenantName = GetRequestParameter("TenantName", notNull: true); bool tenantDeleted = false; - List ldapRoleRequests = new List(); foreach (Ldap currentLdap in Ldaps) { - // if current Ldap is internal: Try to delete tenant in current Ldap - if (currentLdap.IsWritable()) + // Try to delete tenant in current Ldap + if (currentLdap.IsInternal() && currentLdap.IsWritable()) { await Task.Run(() => { tenantDeleted = currentLdap.DeleteTenant(tenantName); + if (tenantDeleted) Log.WriteAudit("DeleteTenant", $"Tenant {tenantName} deleted from {currentLdap.Host()}"); }); } } // Return status and result - // Log.WriteAudit("DeleteTenant", $"Tenant {tenantName} deleted"); - return WrapResult(HttpStatusCode.OK, ("tenantDeleted", tenantDeleted.ToString())); + return WrapResult(HttpStatusCode.OK, ("tenantDeleted", tenantDeleted)); } } } diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteUserRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteUserRequestHandler.cs index 4c19d3e66..48e6b9ca0 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteUserRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/DeleteUserRequestHandler.cs @@ -1,4 +1,5 @@ using FWO.ApiClient; +using FWO.Logging; using System.Collections.Generic; using System.Net; using System.Threading.Tasks; @@ -30,12 +31,13 @@ public DeleteUserRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { + // Try to delete user in current Ldap if (currentLdap.Host() == ldap && currentLdap.IsWritable()) { await Task.Run(() => { - // Try to delete user in current Ldap userDeleted = currentLdap.DeleteUser(userDn); + if (userDeleted) Log.WriteAudit("DeleteUser", $"User {userDn} deleted from {ldap}"); }); } } 
diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/GetAllRolesRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/GetAllRolesRequestHandler.cs index d2ad2308e..cf287066b 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/GetAllRolesRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/GetAllRolesRequestHandler.cs @@ -29,16 +29,15 @@ public GetAllRolesRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { - ldapRoleRequests.Add(Task.Run(() => + if (currentLdap.HasRoleHandling()) { - // if current Ldap has roles stored - if (currentLdap.RoleSearchPath != null && currentLdap.RoleSearchPath != "") + ldapRoleRequests.Add(Task.Run(() => { - // Get all roles from current Ldap + // if current Ldap has roles stored: Get all roles from current Ldap List>>> currentRoles = currentLdap.GetAllRoles(); allRoles.AddRange(currentRoles); - } - })); + })); + } } await Task.WhenAll(ldapRoleRequests); diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/GetGroupsRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/GetGroupsRequestHandler.cs index b415b49d8..337b995b8 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/GetGroupsRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/GetGroupsRequestHandler.cs @@ -29,7 +29,7 @@ public GetGroupsRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { - if (currentLdap.Host() == ldap) + if (currentLdap.Host() == ldap && currentLdap.HasGroupHandling()) { await Task.Run(() => { diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/GetInternalGroupsRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/GetInternalGroupsRequestHandler.cs index f04f97f76..e140af43f 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/GetInternalGroupsRequestHandler.cs 
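Review bot: `allRoles.AddRange(currentRoles)` runs inside `Task.Run` for each LDAP in parallel without synchronisation, and a `List` is not safe for concurrent writers, so entries can be lost or the list corrupted when more than one directory has role handling. `GetRoles` in AuthenticationRequestHandler.cs guards the same pattern with `lock(rolesLock)`; the equivalent here is `lock (allRoles) { allRoles.AddRange(currentRoles); }`. The GetInternalGroupsRequestHandler.cs hunk introduces the same unsynchronised `allGroups.AddRange(currentGroups)`. Both handlers start outside their hunks.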
+++ b/roles/middleware/files/FWO.Middleware.Server/Requests/GetInternalGroupsRequestHandler.cs @@ -25,19 +25,23 @@ public GetInternalGroupsRequestHandler(List Ldaps, APIConnection ApiConn) // No parameters List>> allGroups = new List>>(); + List ldapGroupRequests = new List(); foreach (Ldap currentLdap in Ldaps) { - if (currentLdap.IsWritable() && currentLdap.GroupSearchPath != null && currentLdap.GroupSearchPath != "") + if (currentLdap.IsInternal() && currentLdap.HasGroupHandling()) { - await Task.Run(() => + ldapGroupRequests.Add(Task.Run(() => { // Get all groups from internal Ldap - allGroups = currentLdap.GetAllInternalGroups(); - }); + List>> currentGroups = currentLdap.GetAllInternalGroups(); + allGroups.AddRange(currentGroups); + })); } } + await Task.WhenAll(ldapGroupRequests); + // Return status and result return WrapResult(HttpStatusCode.OK, ("allGroups", allGroups)); } diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromAllEntriesRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromAllEntriesRequestHandler.cs index 16073e5be..7e3167949 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromAllEntriesRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromAllEntriesRequestHandler.cs 
@@ -30,14 +30,17 @@ public RemoveUserFromAllEntriesRequestHandler(List Ldaps, APIConnection Ap foreach (Ldap currentLdap in Ldaps) { - ldapRoleRequests.Add(Task.Run(() => + // Try to remove user from all roles and groups in current Ldap + if (currentLdap.IsWritable() && (currentLdap.HasRoleHandling() || currentLdap.HasGroupHandling())) { - // if current Ldap has roles stored: Try to remove user from all roles in current Ldap - if (currentLdap.RoleSearchPath != null && currentLdap.RoleSearchPath != "" && currentLdap.RemoveUserFromAllEntries(userDn)) + ldapRoleRequests.Add(Task.Run(() => { - userRemoved = true; - } - })); + if (currentLdap.RemoveUserFromAllEntries(userDn)) + { + userRemoved = true; + } + })); + } } await Task.WhenAll(ldapRoleRequests); diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromGroupRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromGroupRequestHandler.cs index 109047fdb..de79135fe 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromGroupRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromGroupRequestHandler.cs @@ -1,4 +1,5 @@ using FWO.ApiClient; +using FWO.Logging; using System.Collections.Generic; using System.Net; using System.Threading.Tasks; 
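Review bot: Removing a user from every role and group is the broadest membership change in this set, yet the new branch has no `Log.WriteAudit` call, while the sibling RemoveUserFromRole and RemoveUserFromGroup handlers gain one in this commit. I would add `Log.WriteAudit("RemoveUserFromAllEntries", $"Removed user {userDn} from all roles and groups in {currentLdap.Host()}");` inside the `if (currentLdap.RemoveUserFromAllEntries(userDn))` block. That needs `using FWO.Logging;` if the file does not already import it; the top of the file is outside the hunk.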
@@ -30,12 +31,13 @@ public RemoveUserFromGroupRequestHandler(List Ldaps, APIConnection ApiConn foreach (Ldap currentLdap in Ldaps) { - // if current Ldap is internal: Try to remove user from group in current Ldap - if (currentLdap.IsWritable() && currentLdap.GroupSearchPath != null && currentLdap.GroupSearchPath != "") + // Try to remove user from group in current Ldap + if (currentLdap.IsInternal() && currentLdap.IsWritable() && currentLdap.HasGroupHandling()) { await Task.Run(() => { userRemoved = currentLdap.RemoveUserFromEntry(userDn, group); + if (userRemoved) Log.WriteAudit("RemoveUserFromGroup", $"Removed user {userDn} from {group} in {currentLdap.Host()}"); }); } } diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromRoleRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromRoleRequestHandler.cs index 1e7bce0c0..573ebdac8 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromRoleRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/RemoveUserFromRoleRequestHandler.cs @@ -1,4 +1,5 @@ using FWO.ApiClient; +using FWO.Logging; using System.Collections.Generic; using System.Net; using System.Threading.Tasks; 
@@ -31,16 +32,19 @@ public RemoveUserFromRoleRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { - ldapRoleRequests.Add(Task.Run(() => + // Try to remove user from role in current Ldap + if (currentLdap.IsWritable() && currentLdap.HasRoleHandling()) { - // if current Ldap has roles stored: Try to remove user from role in current Ldap - if (currentLdap.RoleSearchPath != null && currentLdap.RoleSearchPath != "" && currentLdap.RemoveUserFromEntry(userDn, role)) + ldapRoleRequests.Add(Task.Run(() => { - userRemoved = true; - } - })); + if(currentLdap.RemoveUserFromEntry(userDn, role)) + { + userRemoved = true; + Log.WriteAudit("RemoveUserFromRole", $"Removed user {userDn} from {role} in {currentLdap.Host()}"); + } + })); + } } - await Task.WhenAll(ldapRoleRequests); // Return status and result diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/UpdateGroupRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/UpdateGroupRequestHandler.cs index cd291084c..531f65a16 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/UpdateGroupRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/UpdateGroupRequestHandler.cs @@ -1,4 +1,5 @@ using FWO.ApiClient; +using FWO.Logging; using System.Collections.Generic; using System.Net; using System.Threading.Tasks; 
@@ -30,12 +31,13 @@ public UpdateGroupRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { - // if current Ldap is internal: Try to update group in current Ldap - if (currentLdap.IsWritable() && currentLdap.GroupSearchPath != null && currentLdap.GroupSearchPath != "") + // Try to update group in current Ldap + if (currentLdap.IsInternal() && currentLdap.IsWritable() && currentLdap.HasGroupHandling()) { await Task.Run(() => { groupUpdated = currentLdap.UpdateGroup(oldName, newName); + if (groupUpdated != "") Log.WriteAudit("UpdateGroup", $"Group {oldName} updated to {newName} in {currentLdap.Host()}"); }); } } diff --git a/roles/middleware/files/FWO.Middleware.Server/Requests/UpdateUserRequestHandler.cs b/roles/middleware/files/FWO.Middleware.Server/Requests/UpdateUserRequestHandler.cs index 632a13fad..87d1bcda3 100644 --- a/roles/middleware/files/FWO.Middleware.Server/Requests/UpdateUserRequestHandler.cs +++ b/roles/middleware/files/FWO.Middleware.Server/Requests/UpdateUserRequestHandler.cs @@ -1,4 +1,5 @@ using FWO.ApiClient; +using FWO.Logging; using System.Collections.Generic; using System.Net; using System.Threading.Tasks; @@ -31,12 +32,13 @@ public UpdateUserRequestHandler(List Ldaps, APIConnection ApiConn) foreach (Ldap currentLdap in Ldaps) { + // Try to update user in current Ldap if (currentLdap.Host() == ldap && currentLdap.IsWritable()) { await Task.Run(() => { - // Try to update user to current Ldap userUpdated = currentLdap.UpdateUser(userDn, email); + if (userUpdated) Log.WriteAudit("UpdateUser", $"User {userDn} updated in {ldap}"); }); } } diff --git a/roles/middleware/tasks/create_auth_secrets.yml b/roles/middleware/tasks/create_auth_secrets.yml index 9138e40cb..fb71d0b57 100644 --- a/roles/middleware/tasks/create_auth_secrets.yml +++ b/roles/middleware/tasks/create_auth_secrets.yml 
@@ -24,6 +24,8 @@ openssl_privatekey: path: "{{ jwt_private_key_file }}" size: 2048 + force: yes + type: RSA owner: "{{ fworch_user }}" group: "{{ fworch_group }}" mode: "0600" diff --git a/roles/middleware/tasks/main.yml b/roles/middleware/tasks/main.yml index 5a4d5ec51..4dfc73325 100644 --- a/roles/middleware/tasks/main.yml +++ b/roles/middleware/tasks/main.yml @@ -110,7 +110,7 @@ - name: set UI admin password randomly set_fact: admin_password: "{{ random_generated_pw }}" - when: testkeys is not defined or not testkeys|bool + when: (testkeys is not defined or not testkeys|bool) and installation_mode == 'new' - name: write admin_password password to secrets directory copy: @@ -120,6 +120,7 @@ owner: "{{ fworch_user }}" group: "{{ fworch_group }}" become: yes + when: installation_mode == 'new' - name: Set admin password in ldap ldap_passwd: @@ -128,6 +129,7 @@ server_uri: "{{ openldap_url }}" bind_dn: "{{ openldap_superuser_dn }}" bind_pw: "{{ ldap_manager_pwd }}" + when: installation_mode == 'new' - name: Set {{ openldap_readonly_user_name }} password in ldap ldap_passwd: diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpAPI.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpApi.cshtml similarity index 66% rename from roles/ui/files/FWO_UI/Pages/Help/HelpAPI.cshtml rename to roles/ui/files/FWO_UI/Pages/Help/HelpApi.cshtml index f108d1e9c..5f58ef4d1 100644 --- a/roles/ui/files/FWO_UI/Pages/Help/HelpAPI.cshtml +++ b/roles/ui/files/FWO_UI/Pages/Help/HelpApi.cshtml @@ -14,12 +14,4 @@
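Review bot: `force: yes` makes `openssl_privatekey` regenerate the JWT signing key on every playbook run, upgrades included. That invalidates every token already issued, and it only works if the public key is re-derived and handed to all verifiers in the same run; those tasks are outside this hunk. The `main.yml` hunks in this commit gate secret creation on `installation_mode == 'new'`, and I would do the same here, e.g. `force: "{{ installation_mode == 'new' }}"`. If rotation on every upgrade is intended, a comment saying so would help.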
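Review bot: The `Set admin password in ldap` task passes `bind_pw: "{{ ldap_manager_pwd }}"` and the admin password as module arguments, and none of the visible lines sets `no_log`, so these values can show up in verbose or failure output. If the task does not already carry it above the hunk, I would add `no_log: true` next to the new `when:` line, and likewise on the `set_fact` and `copy` tasks that handle `admin_password`. The tasks start outside their hunks, so this needs checking against the full file.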

@userConfig.GetText("api")

@(Html.Raw(userConfig.GetText("H6001"))) -
    -
  • - @(Html.Raw(userConfig.GetText("H6011"))) -
  • -
  • - @(Html.Raw(userConfig.GetText("H6012"))) -
  • -
diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpAPIGraphql.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoGraphql.cshtml similarity index 100% rename from roles/ui/files/FWO_UI/Pages/Help/HelpAPIGraphql.cshtml rename to roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoGraphql.cshtml diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpAPIHasura.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoHasura.cshtml similarity index 100% rename from roles/ui/files/FWO_UI/Pages/Help/HelpAPIHasura.cshtml rename to roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoHasura.cshtml diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpAPILinks.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoLinks.cshtml similarity index 100% rename from roles/ui/files/FWO_UI/Pages/Help/HelpAPILinks.cshtml rename to roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoLinks.cshtml diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpAPIMutation.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoMutation.cshtml similarity index 98% rename from roles/ui/files/FWO_UI/Pages/Help/HelpAPIMutation.cshtml rename to roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoMutation.cshtml index 6adab4e0c..cff063bce 100644 --- a/roles/ui/files/FWO_UI/Pages/Help/HelpAPIMutation.cshtml +++ b/roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoMutation.cshtml @@ -17,7 +17,7 @@
-curl --insecure --request POST \
+curl --request POST \
         --url https://localhost:9443/api/v1/graphql \
         --header 'content-type: application/json' \
         --header 'x-hasura-role: auditor' \
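Review bot: With `--insecure` dropped, this example only works when curl already trusts the certificate served on `localhost:9443`; if the installation uses a self-signed certificate, readers will simply put `--insecure` back. I would show the verified form explicitly, e.g. `curl --cacert <path to the installation's CA certificate> --request POST \`, and state in the help text where that certificate is found. The same applies to the curl examples changed in HelpApiFwoQuery.cshtml and HelpApiLogin.cshtml.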
diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpAPIQuery.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoQuery.cshtml
similarity index 55%
rename from roles/ui/files/FWO_UI/Pages/Help/HelpAPIQuery.cshtml
rename to roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoQuery.cshtml
index d90339d2e..fdda71d87 100644
--- a/roles/ui/files/FWO_UI/Pages/Help/HelpAPIQuery.cshtml
+++ b/roles/ui/files/FWO_UI/Pages/Help/HelpApiFwoQuery.cshtml
@@ -17,7 +17,7 @@
 
     

@userConfig.GetText("get_with_admin")

-curl --insecure --request POST \
+curl --request POST \
     --url https://localhost:9443/api/v1/graphql \
     --header 'content-type: application/json' \
     --header 'x-hasura-admin-secret: <hasura admin pwd>' \
@@ -29,7 +29,7 @@ curl --insecure --request POST \
     @(Html.Raw(userConfig.GetText("H6701")))
     

-curl --insecure --request POST \
+curl --request POST \
     --url https://localhost:9443/api/v1/graphql \
     --header 'content-type: application/json' \
     --header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.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.bs5hTz6eZSV3xKDzsKxGuyDbdIIQfZgoEgKBoBZ-eBVlwzkHSgE5A0Z5Bg3BuyzP8VDPYfu4YfKGJNxjadumU7QVFKtrDlueNfYlUb_dBNQl2DSqdQmD9TfphAtclcBDuFKe7DKnEsPNvskoXbrDgrBQPK7talEKqTNkkKEORmpd3czuviLZyAyD5Uez_5Tc0T-9dlpENs4m4t8_FfpMpUW7i5-5BEE-ma4a1SPpmltdCJRsRQIwJUkjg_vJAHjzFuxGBXkKd7LdX7S7wiDiNUWfz0yy86zamDmeinEDnRX-mkjIN7f9vNCtldznZxvWOiRyHERxd9ek9To3WZIDMw' \
@@ -45,7 +45,7 @@ curl --insecure --request POST \
     @(Html.Raw(userConfig.GetText("H6701")))
     

-curl --insecure --request POST \
+curl --request POST \
     --url https://localhost:9443/api/v1/graphql \
     --header 'content-type: application/json' \
     --header 'x-hasura-role: auditor' \
@@ -53,4 +53,17 @@ curl --insecure --request POST \
     --data '{"query":"query { management {mgm_name} }"}'
     
+

+ +

@userConfig.GetText("get_single_dev_rules")

+ @(Html.Raw(userConfig.GetText("H6701"))) +

+
+curl --request POST  \
+    --url https://localhost:9443/api/v1/graphql \
+    --header 'content-type: application/json' \
+    --header    'Accept: application/json' \
+    --header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.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.imp8Y-DTz-PyZKxD_l9fN9QvCuNmQTZzGngY3VNJ7vkTCaV9lMdx_gv1eQSANzRwt5e9jIDO6NSoC3laqTgfeaGRkDi4X_JejFTlL3O3AlBjp7g5Npty1P9uqrBKJMxtETlwV7bfd5pFHT81-NdsjNmI8TI3X3tW6EpAxcvAK8xPirofZK5TCQTkDOl2dVFXYTY-aiYYj0SECJph86-OKeIOz6SFXwTdITvh0QotlHMCw3HOqoD0XqjjCvAqcFLjTTV2uEA6wLRC20dBwdDiiEoVDdnf0-jADWs3jI33OyIkuQjL_CkNNqYMqwNsQ0AUahs3lPi38QHmO51ety89QQ' \
+    --data '{"variables":{"device_id":1},"query":"fragment userOverview on usr { user_id user_uid user_name stm_usr_typ { usr_typ_name } } fragment networkObjectOverview on object { obj_ip obj_ip_end obj_name obj_id type: stm_obj_typ { id: obj_typ_id name: obj_typ_name } obj_color_id } fragment networkServiceOverview on service { svc_id svc_name svc_uid svc_port svc_port_end service_type: stm_svc_typ { id: svc_typ_id name: svc_typ_name } svc_color_id protocol_name: stm_ip_proto { id: ip_proto_id name: ip_proto_name } } fragment ruleOverview on rule { rule_id rule_uid rule_action section_header: rule_head_text rule_comment rule_track rule_disabled src_zone: zone { zone_name zone_id } rule_metadatum { rule_metadata_id rule_created rule_first_hit rule_last_hit rule_last_modified rule_last_certified  rule_to_be_removed rule_decert_date rule_recertification_comment } rule_src_neg rule_dst_neg rule_svc_neg rule_num_numeric rule_name rule_froms { usr { ...userOverview } object { ...networkObjectOverview } } dst_zone: zoneByRuleToZone { zone_name zone_id } rule_tos { object { ...networkObjectOverview } } rule_services { service { ...networkServiceOverview } } } query listRulesOverview($device_id: [Int!]) { management { id: mgm_id name: mgm_name devices( where: { dev_id: { _in: $device_id } } ) { dev_id dev_name rules( where: { active: { _eq: true } } order_by: { rule_num_numeric: asc } ) { ...ruleOverview } } } }"}'
+    
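Review bot: The added example pastes a complete signed bearer token into the help page, which teaches readers to copy tokens into documents and shell history. If it was issued by a real instance, it also exposes claims and stays usable until it expires. I would replace it with a placeholder in the style already used for the admin secret above, `--header 'Authorization: Bearer <JWT from AuthenticateUser>' \`, and do the same for the token in the earlier example of this file. Should either token have come from a non-demo system, rotating the signing key is the safe follow-up.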
diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpAPILogin.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpApiLogin.cshtml similarity index 92% rename from roles/ui/files/FWO_UI/Pages/Help/HelpAPILogin.cshtml rename to roles/ui/files/FWO_UI/Pages/Help/HelpApiLogin.cshtml index 4c6b72db8..5e21d31a8 100644 --- a/roles/ui/files/FWO_UI/Pages/Help/HelpAPILogin.cshtml +++ b/roles/ui/files/FWO_UI/Pages/Help/HelpApiLogin.cshtml @@ -19,7 +19,7 @@

@userConfig.GetText("jwt_corr_login")


-curl --insecure --request POST \
+curl --request POST \
     --url https://localhost:8888/AuthenticateUser/ \
     --header 'content-type: application/json' \
     --data '{"Username": "user1_demo", "Password": "cactus1"}'
@@ -28,7 +28,7 @@ curl --insecure --request POST \
     

@userConfig.GetText("err_incorr_login")


-curl --insecure --request POST \
+curl --request POST \
     --url https://localhost:8888/AuthenticateUser/ \
     --header 'content-type: application/json' \
     --data '{"Username": "user1_demo", "Password": "wrong-pwd"}'
diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpAPILogout.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpApiLogout.cshtml
similarity index 100%
rename from roles/ui/files/FWO_UI/Pages/Help/HelpAPILogout.cshtml
rename to roles/ui/files/FWO_UI/Pages/Help/HelpApiLogout.cshtml
diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpAPISecurity.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpApiSecurity.cshtml
similarity index 100%
rename from roles/ui/files/FWO_UI/Pages/Help/HelpAPISecurity.cshtml
rename to roles/ui/files/FWO_UI/Pages/Help/HelpApiSecurity.cshtml
diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpAPISidebar.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpApiSidebar.cshtml
similarity index 75%
rename from roles/ui/files/FWO_UI/Pages/Help/HelpAPISidebar.cshtml
rename to roles/ui/files/FWO_UI/Pages/Help/HelpApiSidebar.cshtml
index d8841abb2..7238d7e26 100644
--- a/roles/ui/files/FWO_UI/Pages/Help/HelpAPISidebar.cshtml
+++ b/roles/ui/files/FWO_UI/Pages/Help/HelpApiSidebar.cshtml
@@ -3,29 +3,38 @@
 
 
     @RenderSection("sidebar", false)
-    
+
@RenderBody()
diff --git a/roles/ui/files/FWO_UI/Pages/Help/HelpSettingsLdap.cshtml b/roles/ui/files/FWO_UI/Pages/Help/HelpSettingsLdap.cshtml index 0e514bf0a..9087b041c 100644 --- a/roles/ui/files/FWO_UI/Pages/Help/HelpSettingsLdap.cshtml +++ b/roles/ui/files/FWO_UI/Pages/Help/HelpSettingsLdap.cshtml @@ -17,6 +17,7 @@

@userConfig.GetText("parameters"):
    +
  • @(Html.Raw(userConfig.GetText("H5210")))
  • @(Html.Raw(userConfig.GetText("H5211")))
  • @(Html.Raw(userConfig.GetText("H5212")))
  • @(Html.Raw(userConfig.GetText("H5213")))
  • diff --git a/roles/ui/files/FWO_UI/Pages/Reporting/Reports/RulesReport.razor b/roles/ui/files/FWO_UI/Pages/Reporting/Reports/RulesReport.razor index 7341d7a62..7055f12e0 100644 --- a/roles/ui/files/FWO_UI/Pages/Reporting/Reports/RulesReport.razor +++ b/roles/ui/files/FWO_UI/Pages/Reporting/Reports/RulesReport.razor @@ -56,7 +56,7 @@
    diff --git a/roles/ui/files/FWO_UI/Pages/Settings/SettingsGroups.razor b/roles/ui/files/FWO_UI/Pages/Settings/SettingsGroups.razor index c7ca21ee0..a99ba8ea6 100644 --- a/roles/ui/files/FWO_UI/Pages/Settings/SettingsGroups.razor +++ b/roles/ui/files/FWO_UI/Pages/Settings/SettingsGroups.razor @@ -37,8 +37,8 @@ @@ -51,14 +51,35 @@
- + @if (EditGroupMode) {
- +
+ +
+
+
+ + @if (AddGroupMode) + { +
+ +
+ } + else + { + + }
} @@ -137,9 +158,9 @@
- + - @if (DeleteUserMode) + @if (RemoveUserMode) {
@@ -160,7 +181,7 @@
- + @@ -203,9 +224,12 @@ private List groups = new List(); private List sampleGroups = new List(); private List uiUsers = new List(); + private List roles = new List(); + private List availableRoles = new List(); private string selectedUiUser; private string selectedUserToDelete; + private string selectedRoleName; private bool showSampleRemoveButton = false; private UserGroup actGroup = new UserGroup(); @@ -215,7 +239,7 @@ private bool EditGroupMode = false; private bool DeleteGroupMode = false; private bool AddUserMode = false; - private bool DeleteUserMode = false; + private bool RemoveUserMode = false; private bool SampleRemoveMode = false; private bool SampleRemoveAllowed = false; @@ -265,6 +289,12 @@ { DisplayMessageInUi(exception, userConfig.GetText("fetch_users"), null, true); } + + // get roles from internal ldap + await GetRolesFromInternalLdap(); + SynchronizeGroupsToRoles(); + + availableRoles = roles.FindAll(x => (x.Name != "anonymous" && x.Name != "middleware-server")); } private void CollectSampleGroups() 
@@ -280,8 +310,59 @@ showSampleRemoveButton = (sampleGroups.Count > 0); } + private async Task GetRolesFromInternalLdap() + { + try + { + MiddlewareServerResponse middlewareServerResponse = await middlewareClient.GetAllRoles(userConfig.User.Jwt); + if (middlewareServerResponse.Status != HttpStatusCode.OK) + { + DisplayMessageInUi(null, userConfig.GetText("fetch_roles"), userConfig.GetText("E5251"), true); + } + else + { + foreach (var ldapRole in middlewareServerResponse.GetResult>>>>("allRoles")) + { + Role role = new Role() { Dn = ldapRole.Key, Name = (new DistName(ldapRole.Key)).Role }; + foreach (var roleAttr in ldapRole.Value) + { + if (roleAttr.Key == "description") + { + role.Description = roleAttr.Value; + } + else if (roleAttr.Key == "user") + { + UiUser newUser = new UiUser() { Dn = roleAttr.Value, Name = (new DistName(roleAttr.Value)).UserName }; + role.Users.Add(newUser); + } + } + roles.Add(role); + } + } + } + catch (System.Exception exception) + { + DisplayMessageInUi(exception, userConfig.GetText("fetch_roles"), null, true); + } + } + private void SynchronizeGroupsToRoles() + { + foreach (var group in groups) + { + group.Roles = new List(); + foreach (var role in roles) + { + if (role.Users != null && role.Users.Exists(x => x.Dn == group.Dn)) + { + group.Roles.Add(role.Name); + } + } + } + } + private void NewGroup() { + selectedRoleName = null; EditGroup(new UserGroup()); AddGroupMode = true; } @@ -300,6 +381,12 @@ { if (AddGroupMode) { + actGroup.Roles = new List(); + if(selectedRoleName != null) + { + actGroup.Roles.Add(selectedRoleName); + } + if (newGroupName == null || newGroupName == "") { DisplayMessageInUi(null, userConfig.GetText("add_new_group"), userConfig.GetText("E5234"), true); @@ -321,6 +408,7 @@ { actGroup.Name = newGroupName; groups.Add(actGroup); + await AddGroupToRolesInLdap(actGroup); AddGroupMode = false; EditGroupMode = false; } 
@@ -350,6 +438,25 @@ } } + private async Task AddGroupToRolesInLdap(UserGroup group) + { + try + { + foreach(string roleName in group.Roles) + { + MiddlewareServerResponse middlewareServerResponse = await middlewareClient.AddUserToRole(group.Dn, roles.Find(x => x.Name == roleName).Dn, userConfig.User.Jwt); + if ((middlewareServerResponse.Status != HttpStatusCode.OK) || (middlewareServerResponse.GetResult("userAdded") == false)) + { + DisplayMessageInUi(null, userConfig.GetText("add_user_to_role"), userConfig.GetText("E5246"), true); + } + } + } + catch (System.Exception exception) + { + DisplayMessageInUi(exception, userConfig.GetText("add_user_to_role"), null, true); + } + } + private void RequestDeleteGroup(UserGroup group) { actGroup = group; @@ -388,16 +495,16 @@ } } - private void AddUser(UserGroup group) + private void AddUserToGroup(UserGroup group) { AddUserMode = true; actGroup = group; selectedUiUser = (uiUsers.Count == 0 ? "" : uiUsers.FirstOrDefault().Dn); } - private void DeleteUser(UserGroup group) + private void RemoveUserFromGroup(UserGroup group) { - DeleteUserMode = true; + RemoveUserMode = true; actGroup = group; selectedUserToDelete = (actGroup.Users.Count == 0 ? "" : actGroup.Users.FirstOrDefault().Dn); } @@ -415,7 +522,7 @@ } else { - // add user in LDAP + // add user to group in LDAP try { MiddlewareServerResponse middlewareServerResponse = await middlewareClient.AddUserToGroup(user.Dn, actGroup.Dn, userConfig.User.Jwt); @@ -437,12 +544,12 @@ } } - private async Task DeleteUser(string userDn) + private async Task RemoveUserFromGroup(string userDn) { var itemToRemove = actGroup.Users.Find(x => x.Dn == userDn); if (itemToRemove != null) { - // delete user in LDAP + // remove user from group in LDAP try { MiddlewareServerResponse middlewareServerResponse = await middlewareClient.RemoveUserFromGroup(userDn, actGroup.Dn, userConfig.User.Jwt); 
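Review bot: `roles.Find(x => x.Name == roleName).Dn` in `AddGroupToRolesInLdap` resolves the name against the full `roles` list rather than `availableRoles`, so the exclusion of `anonymous` and `middleware-server` only affects what the selector shows, not what this method will submit. A name that matches no role also dereferences null and only surfaces through the generic catch. I would resolve against the filtered list and handle the miss explicitly: `var role = availableRoles.Find(x => x.Name == roleName); if (role == null) continue;`. `AddUserToRolesInLdap` in the later `@@ -547,6 +702,70 @@` hunk has the same lookup, and `AddUserToGroupsInLdap` there has the same unchecked `Find`. Whether the middleware itself refuses these roles is not visible in this diff; it should remain the authoritative check.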
@@ -454,7 +561,7 @@ { actGroup.Users.Remove(itemToRemove); groups[groups.FindIndex(x => x.Name == actGroup.Name)] = actGroup; - DeleteUserMode = false; + RemoveUserMode = false; } } catch (System.Exception exception) @@ -500,7 +607,7 @@ EditGroupMode = false; DeleteGroupMode = false; AddUserMode = false; - DeleteUserMode = false; + RemoveUserMode = false; SampleRemoveMode = false; } } diff --git a/roles/ui/files/FWO_UI/Pages/Settings/SettingsLdap.razor b/roles/ui/files/FWO_UI/Pages/Settings/SettingsLdap.razor index 6ea71ae96..0ee2d5337 100644 --- a/roles/ui/files/FWO_UI/Pages/Settings/SettingsLdap.razor +++ b/roles/ui/files/FWO_UI/Pages/Settings/SettingsLdap.razor @@ -44,17 +44,17 @@ @@ -157,7 +157,7 @@
+
- + @@ -179,7 +184,7 @@
+
+ + @if (AddMode) + { +
+ +
+ } + else + { + + } +
+
+ + @if (AddMode) + { +
+ +
+ } + else + { + + } +
} @@ -246,7 +284,9 @@ private List sampleUsers = new List(); private List tenants = new List(); private List availableTenants = new List(); - + private List groups = new List(); + private List roles = new List(); + private List availableRoles = new List(); private bool EditMode = false; private bool DeleteMode = false; @@ -260,7 +300,8 @@ private UiUser actUser; private int selectedLdapId {get; set;} private int selectedTenantId; - + private string selectedRoleName; + private string selectedGroupName; private string deleteMessage = ""; private string sampleRemoveMessage = ""; @@ -293,14 +334,7 @@ } // Get all users from internal ldap - try - { - await GetUsersFromInternalLdap(); - } - catch (System.Exception exception) - { - DisplayMessageInUi(exception, userConfig.GetText("fetch_users_ldap"), null, true); - } + await GetUsersFromInternalLdap(); // Get users from uiusers table try @@ -314,12 +348,22 @@ } // Synchronize both - await Synchronize(); + await SynchronizeUsers(); + + // get groups from internal ldap + await GetGroupsFromInternalLdap(); + SynchronizeUsersToGroups(); + + // get roles from internal ldap + await GetRolesFromInternalLdap(); + SynchronizeUsersToRoles(); + + availableRoles = roles.FindAll(x => (x.Name != "anonymous" && x.Name != "middleware-server")); CollectSampleUsers(); } - private async Task Synchronize() + private async Task SynchronizeUsers() { foreach (var ldapUser in ldapUsers) { 
@@ -344,6 +388,36 @@ } } + private void SynchronizeUsersToGroups() + { + foreach (var user in uiUsers) + { + user.Groups = new List(); + foreach (var group in groups) + { + if (group.Users != null && group.Users.Exists(x => x.Dn == user.Dn)) + { + user.Groups.Add(group.Name); + } + } + } + } + + private void SynchronizeUsersToRoles() + { + foreach (var user in uiUsers) + { + user.Roles = new List(); + foreach (var role in roles) + { + if (role.Users != null && role.Users.Exists(x => x.Dn == user.Dn)) + { + user.Roles.Add(role.Name); + } + } + } + } + private void CollectSampleUsers() { sampleUsers = new List(); 
@@ -359,35 +433,107 @@ private async Task GetUsersFromInternalLdap() { - ldapUsers.Clear(); - UiLdapConnection internalLdap = connectedLdaps.Find(x => x.IsInternal()); - if (internalLdap == null) + try { - DisplayMessageInUi(null, userConfig.GetText("get_user_from_ldap"), userConfig.GetText("E5207"), true); - return; + ldapUsers.Clear(); + UiLdapConnection internalLdap = connectedLdaps.Find(x => x.IsInternal()); + if (internalLdap == null) + { + DisplayMessageInUi(null, userConfig.GetText("get_user_from_ldap"), userConfig.GetText("E5207"), true); + return; + } + + // get users from Ldap + MiddlewareServerResponse usersMiddlewareResponse = await middlewareClient.GetUsers(internalLdap.Host(), "", userConfig.User.Jwt); + if (usersMiddlewareResponse.Status != HttpStatusCode.OK) + { + DisplayMessageInUi(null, userConfig.GetText("get_user_from_ldap"), userConfig.GetText("E5208"), true); + } + else + { + foreach (var user in usersMiddlewareResponse.GetResult>>("allUsers")) + { + UiUser newUser = new UiUser() + { + Dn = user.Key, + Name = (new DistName(user.Key)).UserName, + Email = user.Value, + PasswordMustBeChanged = true, + LdapConnection = internalLdap + }; + ldapUsers.Add(newUser); + } + } + } + catch (System.Exception exception) + { + DisplayMessageInUi(exception, userConfig.GetText("fetch_users_ldap"), null, true); } + } - // get users from Ldap - MiddlewareServerResponse usersMiddlewareResponse = await middlewareClient.GetUsers(internalLdap.Host(), "", userConfig.User.Jwt); - if (usersMiddlewareResponse.Status != HttpStatusCode.OK) + private async Task GetGroupsFromInternalLdap() + { + try { - DisplayMessageInUi(null, userConfig.GetText("get_user_from_ldap"), userConfig.GetText("E5208"), true); + MiddlewareServerResponse middlewareServerResponse = await middlewareClient.GetInternalGroups(userConfig.User.Jwt); + if (middlewareServerResponse.Status != HttpStatusCode.OK) + { + DisplayMessageInUi(null, userConfig.GetText("fetch_groups"), userConfig.GetText("E5231"), 
true); + } + else + { + foreach (var ldapUserGroup in middlewareServerResponse.GetResult>>>("allGroups")) + { + UserGroup group = new UserGroup() { Dn = ldapUserGroup.Key, Name = (new DistName(ldapUserGroup.Key)).Group }; + foreach (var userDn in ldapUserGroup.Value) + { + UiUser newUser = new UiUser() { Dn = userDn, Name = (new DistName(userDn)).UserName }; + group.Users.Add(newUser); + } + groups.Add(group); + } + } } - else + catch (System.Exception exception) { - foreach (var user in usersMiddlewareResponse.GetResult>>("allUsers")) + DisplayMessageInUi(exception, userConfig.GetText("fetch_groups"), null, true); + } + } + + private async Task GetRolesFromInternalLdap() + { + try + { + MiddlewareServerResponse middlewareServerResponse = await middlewareClient.GetAllRoles(userConfig.User.Jwt); + if (middlewareServerResponse.Status != HttpStatusCode.OK) + { + DisplayMessageInUi(null, userConfig.GetText("fetch_roles"), userConfig.GetText("E5251"), true); + } + else { - UiUser newUser = new UiUser() - { - Dn = user.Key, - Name = (new DistName(user.Key)).UserName, - Email = user.Value, - PasswordMustBeChanged = true, - LdapConnection = internalLdap - }; - ldapUsers.Add(newUser); + foreach (var ldapRole in middlewareServerResponse.GetResult>>>>("allRoles")) + { + Role role = new Role() { Dn = ldapRole.Key, Name = (new DistName(ldapRole.Key)).Role }; + foreach (var roleAttr in ldapRole.Value) + { + if (roleAttr.Key == "description") + { + role.Description = roleAttr.Value; + } + else if (roleAttr.Key == "user") + { + UiUser newUser = new UiUser() { Dn = roleAttr.Value, Name = (new DistName(roleAttr.Value)).UserName }; + role.Users.Add(newUser); + } + } + roles.Add(role); + } } } + catch (System.Exception exception) + { + DisplayMessageInUi(exception, userConfig.GetText("fetch_roles"), null, true); + } } private async Task updateUserInDb(UiUser user) 
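Review bot: `GetRolesFromInternalLdap` in this hunk is a line-for-line copy of the method added to the groups page in `@@ -280,8 +310,59 @@`, including the parsing of the `description` and `user` attributes. Two copies of the code that decides who holds which role will drift apart, and a fix applied to one page will leave the other showing different memberships. I would move it into one shared helper that returns the role list and call it from both pages, with a short comment on the expected shape of the `allRoles` result.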
@@ -454,6 +600,10 @@ selectedLdapId = writableLdaps.FirstOrDefault().Id; SetAvailableTenants(); selectedTenantId = availableTenants.FirstOrDefault().Id; + selectedGroupName = null; + newUser.Groups = new List(); + selectedRoleName = null; + newUser.Roles = new List(); Edit(newUser); } @@ -465,6 +615,10 @@ selectedLdapId = (newUser.LdapConnection != null ? newUser.LdapConnection.Id : writableLdaps.FirstOrDefault().Id); SetAvailableTenants(); selectedTenantId = newUser.Tenant.Id; + selectedGroupName = (newUser.Groups != null ? newUser.Groups.FirstOrDefault() : null); + newUser.Groups = new List(); + selectedRoleName = (newUser.Roles != null ? newUser.Roles.FirstOrDefault() : null); + newUser.Roles = new List(); Edit(newUser); } @@ -484,6 +638,16 @@ // todo: further dn specification maybe in ldapconnection? user.Dn = (selectedLdap.Type == (int)LdapType.ActiveDirectory ? "cn=": "uid=") + user.Name + (selectedLdap.TenantLevel > 0 ? ",ou=" + selectedTenant.Name : "") + "," + selectedLdap.UserSearchPath; + user.Groups = new List(); + if(selectedGroupName != null) + { + user.Groups.Add(selectedGroupName); + } + user.Roles = new List(); + if(selectedRoleName != null) + { + user.Roles.Add(selectedRoleName); + } } private async Task Save() 
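Review bot: In the `@@ -465,6 +615,10 @@` hunk the edit path keeps only `FirstOrDefault()` of the user's groups and roles and then overwrites `newUser.Groups` and `newUser.Roles` with empty lists. If `newUser` is the same object the table displays (not visible here), a user holding several roles is shown with at most one once the edit dialog has been opened. That under-reports privileges on the page administrators use to review them. Copying instead of clearing keeps the full list, e.g. `newUser.Roles = (newUser.Roles != null ? new List<string>(newUser.Roles) : new List<string>());`, with the element type assumed from `user.Roles.Add(role.Name)`. The enclosing method starts outside the hunk.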
@@ -492,23 +656,12 @@ { if (AddMode) { - // Todo: Further value checks? - string errorMsg; SynchronizeUserData(actUser); - if (actUser.Name == null || actUser.Name == "" || actUser.Password == null || actUser.Password == "") - { - DisplayMessageInUi(null, userConfig.GetText("add_user"), userConfig.GetText("E5211"), true); - } - else if (!((new PasswordPolicy()).checkPolicy(actUser.Password, userConfig, out errorMsg))) - { - DisplayMessageInUi(null, userConfig.GetText("add_user"), errorMsg, true); - } - else if (actUser.LdapConnection.TenantLevel > 0 && (actUser.Tenant == null || !tenants.Exists(x => x.Name == actUser.Tenant.Name))) - { - DisplayMessageInUi(null, userConfig.GetText("add_user"), userConfig.GetText("E5212"), true); - } - else + + if (CheckValues()) { + SynchronizeUserData(actUser); + // insert new user to ldap MiddlewareServerResponse middlewareServerResponse = await middlewareClient.AddUser(actUser.LdapConnection.Host(), actUser.Dn, actUser.Password, actUser.Email, userConfig.User.Jwt); if (middlewareServerResponse.Status != HttpStatusCode.OK || middlewareServerResponse.GetResult("userAdded") == false) @@ -520,6 +673,8 @@ actUser.PasswordMustBeChanged = true; await addUserToDb(actUser); uiUsers.Add(actUser); + await AddUserToGroupsInLdap(actUser); + await AddUserToRolesInLdap(actUser); AddMode = false; EditMode = false; } 
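Review bot: In the `@@ -520,6 +673,8 @@` hunk `AddUserToGroupsInLdap` and `AddUserToRolesInLdap` run after `uiUsers.Add(actUser)` and report failure only through `DisplayMessageInUi`. When a membership call fails the dialog still closes, and the in-memory user keeps a group or role that LDAP did not grant. I would have both helpers return a success flag and reconcile the local state on failure, e.g. `if (!await AddUserToRolesInLdap(actUser)) actUser.Roles.Clear();`, so the table reflects what was actually written. `Save` starts and ends outside this hunk.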
@@ -547,6 +702,70 @@ } } + private bool CheckValues() + { + string errorMsg; + if (actUser.Name == null || actUser.Name == "" || actUser.Password == null || actUser.Password == "") + { + DisplayMessageInUi(null, userConfig.GetText("add_user"), userConfig.GetText("E5211"), true); + return false; + } + if (!((new PasswordPolicy()).checkPolicy(actUser.Password, userConfig, out errorMsg))) + { + DisplayMessageInUi(null, userConfig.GetText("add_user"), errorMsg, true); + return false; + } + if (actUser.LdapConnection.TenantLevel > 0 && (actUser.Tenant == null || !tenants.Exists(x => x.Name == actUser.Tenant.Name))) + { + DisplayMessageInUi(null, userConfig.GetText("add_user"), userConfig.GetText("E5212"), true); + return false; + } + if (uiUsers.Exists(x => x.Dn == actUser.Dn)) + { + DisplayMessageInUi(null, userConfig.GetText("add_user"), userConfig.GetText("E5210"), true); + return false; + } + return true; + } + + private async Task AddUserToGroupsInLdap(UiUser user) + { + try + { + foreach(string groupName in user.Groups) + { + MiddlewareServerResponse middlewareServerResponse = await middlewareClient.AddUserToGroup(user.Dn, groups.Find(x => x.Name == groupName).Dn, userConfig.User.Jwt); + if ((middlewareServerResponse.Status != HttpStatusCode.OK) || (middlewareServerResponse.GetResult("userAdded") == false)) + { + DisplayMessageInUi(null, userConfig.GetText("add_user_to_group"), userConfig.GetText("E5242"), true); + } + } + } + catch (System.Exception exception) + { + DisplayMessageInUi(exception, userConfig.GetText("add_user_to_group"), null, true); + } + } + + private async Task AddUserToRolesInLdap(UiUser user) + { + try + { + foreach(string roleName in user.Roles) + { + MiddlewareServerResponse middlewareServerResponse = await middlewareClient.AddUserToRole(user.Dn, roles.Find(x => x.Name == roleName).Dn, userConfig.User.Jwt); + if ((middlewareServerResponse.Status != HttpStatusCode.OK) || (middlewareServerResponse.GetResult("userAdded") == false)) + { + 
DisplayMessageInUi(null, userConfig.GetText("add_user_to_role"), userConfig.GetText("E5255"), true); + } + } + } + catch (System.Exception exception) + { + DisplayMessageInUi(exception, userConfig.GetText("add_user_to_role"), null, true); + } + } + private void RequestDelete(UiUser user) { actUser = user; diff --git a/roles/webhook/templates/fworch-webhook-receiver.py.j2 b/roles/webhook/templates/fworch-webhook-receiver.py.j2 index 5da848729..682e6ad66 100644 --- a/roles/webhook/templates/fworch-webhook-receiver.py.j2 +++ b/roles/webhook/templates/fworch-webhook-receiver.py.j2 @@ -100,7 +100,7 @@ def post_handler(): os.system('rm -rf ' + tmp_git_dir) os.system('mkdir -p ' + tmp_git_dir) target_path = tmp_git_dir - clone_cmd = "cd " + tmp_git_dir + " && ssh-agent bash -c 'ssh-add " + ssh_priv_key_file + " && git clone ssh://git@" + github_hostname + project_path + "'" + clone_cmd = "cd " + tmp_git_dir + " && ssh-agent bash -c 'ssh-add " + ssh_priv_key_file + " && git clone -b {{ webhook_branch }} ssh://git@" + github_hostname + project_path + "'" f.write('executing ' + clone_cmd + '\n') os.system(clone_cmd) # Cloning if (webhook_script_changed): diff --git a/scripts/uninstall-fworch.yml b/scripts/uninstall-fworch.yml index 2c780f770..a4fbfd217 100644 --- a/scripts/uninstall-fworch.yml +++ b/scripts/uninstall-fworch.yml @@ -177,7 +177,7 @@ name: slapd purge: yes - - name: remove fworch dirs + - name: remove fworch dirs and files file: name: "{{ item }}" state: absent @@ -189,6 +189,7 @@ - /var/lib/ldap/fworch.internal - /var/lib/ldap/example.com - /var/lib/pgsql/data + - "{{ api_hasura_cli_bin }}" - name: remove OS users and delete home directories user: diff --git a/site.yml b/site.yml index f18e8783c..72287b1f9 100644 --- a/site.yml +++ b/site.yml @@ -27,7 +27,6 @@ - hosts: all roles: - { role: common, when: "not installation_mode == 'uninstall'" } - tags: - backend 
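Review bot: `CheckValues` accepts any non-empty `actUser.Name`, yet that name is concatenated unescaped into `user.Dn` (the `"cn=" / "uid=" + user.Name + ...` line visible as context in `@@ -484,6 +638,16 @@`). A name containing a DN separator therefore yields a DN with a different structure from the one the form implies, and that DN is what `AddUserToGroup` and `AddUserToRole` are then called with. I would reject DN special characters here before the LDAP call: `if (actUser.Name.IndexOfAny(new[] { ',', '+', '"', '\\', '<', '>', ';', '=' }) >= 0) { /* show a validation message */ return false; }`. The same applies to `selectedTenant.Name` if tenants can be named freely, which this diff does not show.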
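Review bot: `{{ webhook_branch }}` is rendered straight into a string that `os.system` hands to a shell, inside the single-quoted `bash -c` argument. A branch value containing a quote or shell metacharacter therefore changes the command instead of naming a branch. `github_hostname` and `project_path` are concatenated the same way, and where they come from is outside this hunk. Passing an argument list to `subprocess.run` removes the shell from the clone step; this needs `subprocess` and `shlex` imported at the top of the template if they are not already, and it replaces the `ssh-agent`/`ssh-add` wrapper with git's `GIT_SSH_COMMAND`. `post_handler` starts and ends outside the hunk.

```python
# … unchanged: tmp_git_dir cleanup, mkdir and target_path …
git_env = dict(os.environ)
git_env["GIT_SSH_COMMAND"] = "ssh -i " + shlex.quote(ssh_priv_key_file) + " -o IdentitiesOnly=yes"
clone_args = ["git", "clone", "-b", {{ webhook_branch | to_json }},
              "ssh://git@" + github_hostname + project_path]
f.write('executing ' + ' '.join(clone_args) + '\n')
subprocess.run(clone_args, cwd=tmp_git_dir, env=git_env)  # Cloning
```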
@@ -135,7 +134,7 @@ - { role: webhook, when: install_webhook|bool and not installation_mode == 'uninstall' } tags: - test - + - hosts: all roles: - { role: test, when: "not installation_mode == 'uninstall'" } @@ -159,4 +158,4 @@ - "Your initial UI admin password is '{{ admin_password }}'" - "Your api hasura admin secret is '{{ api_hasura_admin_secret }}'" when: admin_password is defined and api_hasura_admin_secret is defined - + \ No newline at end of file