feat: add some manager roles (#2585)

* feat: add some manager roles

* feat: add some manager roles

* fix indent

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Fabi 2021-10-28 13:22:25 +02:00 committed by GitHub
parent f1afdef7fb
commit c190d5d1b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 88 additions and 1 deletions


@ -94,6 +94,78 @@ InternalAuthZ:
- "project.app.read"
- "project.grant.read"
- "project.grant.member.read"
- Role: 'IAM_ORG_MANAGER'
Permissions:
- "org.read"
- "org.global.read"
- "org.create"
- "org.write"
- "org.member.read"
- "org.member.write"
- "org.member.delete"
- "org.idp.read"
- "org.idp.write"
- "org.idp.delete"
- "org.action.read"
- "org.action.write"
- "org.action.delete"
- "org.flow.read"
- "org.flow.write"
- "org.flow.delete"
- "user.read"
- "user.global.read"
- "user.write"
- "user.delete"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- "features.read"
- "policy.read"
- "policy.write"
- "policy.delete"
- "project.read"
- "project.create"
- "project.write"
- "project.delete"
- "project.member.read"
- "project.member.write"
- "project.member.delete"
- "project.role.read"
- "project.role.write"
- "project.role.delete"
- "project.app.read"
- "project.app.write"
- "project.app.delete"
- "project.grant.read"
- "project.grant.write"
- "project.grant.delete"
- "project.grant.member.read"
- "project.grant.member.write"
- "project.grant.member.delete"
- Role: 'IAM_USER_MANAGER'
Permissions:
- "org.read"
- "org.global.read"
- "org.member.read"
- "org.member.delete"
- "user.read"
- "user.global.read"
- "user.write"
- "user.delete"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- "features.read"
- "project.read"
- "project.member.read"
- "project.role.read"
- "project.app.read"
- "project.grant.read"
- "project.grant.write"
- "project.grant.delete"
- "project.grant.member.read"
- Role: 'ORG_OWNER'
Permissions:
- "org.read"
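Review bot: In IAM_USER_MANAGER, "org.member.delete" is granted without "org.member.write", and "project.grant.write" / "project.grant.delete" are granted although the role has no other project write permission. If removing memberships and editing project grants are both intended for a user-management role, a short comment above the role stating why would help; otherwise drop them so the role matches its name. For IAM_ORG_MANAGER, which combines "org.member.write" with "user.grant.write" and has no organization scope in its description, please confirm that a holder cannot use these to assign a role above their own.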
@ -142,6 +214,18 @@ InternalAuthZ:
- "project.grant.member.read"
- "project.grant.member.write"
- "project.grant.member.delete"
- Role: 'ORG_USER_MANAGER'
Permissions:
- "user.read"
- "user.global.read"
- "user.write"
- "user.delete"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- "project.read"
- "project.role.read"
- Role: 'ORG_OWNER_VIEWER'
Permissions:
- "org.read"
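Review bot: ORG_USER_MANAGER lists "user.global.read", while the documentation row added in this commit scopes the role to users "within an organization". If the global read is only needed to look up a user before granting, note that next to the permission; if not, remove it. The role also has none of "org.read", "features.read" or "project.grant.read", all of which IAM_USER_MANAGER carries, so it is worth checking that the omission is deliberate and that "user.grant.write" is usable without them.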
@ -300,4 +384,4 @@ InternalAuthZ:
- "user.read"
- "user.global.read"
- "user.grant.read"
- "user.membership.read"
- "user.membership.read"
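Review bot: The only changed line in this hunk, the final "user.membership.read", reads the same before and after, so the change is whitespace only, most likely the newline at the end of the file. Please confirm that the file now ends with a newline and that this was intended rather than an editor side effect.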


@ -18,8 +18,11 @@ In the right part of the console you can finde **MANAGERS** in the details part.
|---|---|
| IAM_OWNER | Manage the IAM, manage all organizations with their content |
| IAM_OWNER_VIEWER | View the IAM and view all organizations with their content |
| IAM_ORG_MANAGER | Manage all organizations including their policies, projects and users |
| IAM_USER_MANAGER | Manage all users and their authorizations over all organizations |
| ORG_OWNER | Manage everything within an organization |
| ORG_OWNER_VIEWER | View everything within an organization |
| ORG_USER_MANAGER | Manage users and their authorizations within an organization |
| ORG_USER_PERMISSION_EDITOR | Manage user grants and view everything needed for this |
| ORG_PROJECT_PERMISSION_EDITOR | Grant Projects to other organizations and view everything needed for this |
| ORG_PROJECT_CREATOR | This role is used for users in the global organization. They are allowed to create projects and manage them. |
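Review bot: The IAM_USER_MANAGER row mentions only users and their authorizations, but the role defined in this commit also carries "org.member.delete" and "project.grant.write" / "project.grant.delete". Likewise the IAM_ORG_MANAGER row does not mention "org.create" or the identity provider, action and flow permissions. Since administrators assign roles from this table, the descriptions should name these capabilities, or the permissions should be trimmed to match the descriptions.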