# Static role -> permission table for internal authorization.
# Each entry under RolePermissionMappings names a role and lists the
# permission strings that role carries. How these strings are evaluated
# (scoping to an org/project, inheritance between roles) is not visible in
# this file -- confirm against the authorization code before relying on it.
#
# Review guidance: every *.write / *.delete / *.create entry is a mutating
# permission. Changes to this table alter who can administer the identity
# system, so they deserve the same review as code changes to access checks.
InternalAuthZ:
  RolePermissionMappings:
    # Widest permission set in this file: every iam.*, org.*, user.*,
    # policy.* and project.* read/write/delete entry listed below.
    # Membership in this role should be tightly limited and audited.
    - Role: 'IAM_OWNER'
      Permissions:
        - "iam.read"
        - "iam.write"
        - "iam.policy.read"
        - "iam.policy.write"
        - "iam.policy.delete"
        - "iam.member.read"
        - "iam.member.write"
        - "iam.member.delete"
        - "iam.idp.read"
        - "iam.idp.write"
        - "iam.idp.delete"
        - "org.read"
        - "org.global.read"
        - "org.create"
        - "org.write"
        - "org.member.read"
        - "org.member.write"
        - "org.member.delete"
        - "org.idp.read"
        - "org.idp.write"
        - "org.idp.delete"
        - "user.read"
        - "user.global.read"
        - "user.write"
        - "user.delete"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
        - "policy.read"
        - "policy.write"
        - "policy.delete"
        - "project.read"
        - "project.create"
        - "project.write"
        - "project.delete"
        - "project.member.read"
        - "project.member.write"
        - "project.member.delete"
        - "project.role.read"
        - "project.role.write"
        - "project.role.delete"
        - "project.app.read"
        - "project.app.write"
        - "project.app.delete"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
    # Read-only: contains only *.read entries.
    # Unlike IAM_OWNER it does not list "org.global.read".
    - Role: 'IAM_OWNER_VIEWER'
      Permissions:
        - "iam.read"
        - "iam.policy.read"
        - "iam.member.read"
        - "iam.idp.read"
        - "org.read"
        - "org.member.read"
        - "org.idp.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
        - "policy.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
    # Same org/user/policy/project entries as IAM_OWNER, without iam.*.
    # NOTE(review): "project.app.read" and "project.app.write" are present
    # but "project.app.delete" is not, although IAM_OWNER and PROJECT_OWNER
    # both carry it -- confirm the omission is intentional.
    # NOTE(review): "org.create" is granted here -- confirm org owners are
    # meant to be able to create further organisations.
    - Role: 'ORG_OWNER'
      Permissions:
        - "org.read"
        - "org.global.read"
        - "org.create"
        - "org.write"
        - "org.member.read"
        - "org.member.write"
        - "org.member.delete"
        - "org.idp.read"
        - "org.idp.write"
        - "org.idp.delete"
        - "user.read"
        - "user.global.read"
        - "user.write"
        - "user.delete"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
        - "policy.read"
        - "policy.write"
        - "policy.delete"
        - "project.read"
        - "project.create"
        - "project.write"
        - "project.delete"
        - "project.member.read"
        - "project.member.write"
        - "project.member.delete"
        - "project.role.read"
        - "project.role.write"
        - "project.role.delete"
        - "project.app.read"
        - "project.app.write"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
    # Read-only: contains only *.read entries.
    # NOTE(review): "project.grant.user.grant.read" appears in no other role
    # in this file. Confirm some access check still refers to it; a
    # permission string nothing checks is dead configuration that makes
    # the table harder to audit.
    - Role: 'ORG_OWNER_VIEWER'
      Permissions:
        - "org.read"
        - "org.member.read"
        - "org.idp.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
        - "policy.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
        - "project.grant.user.grant.read"
    # Read access plus "user.grant.write" / "user.grant.delete", the only
    # mutating entries. Presumably a user grant confers authorization on a
    # user, which would make this a privilege-granting role -- TODO confirm.
    - Role: 'ORG_USER_PERMISSION_EDITOR'
      Permissions:
        - "org.read"
        - "org.member.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "policy.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
    # ORG_USER_PERMISSION_EDITOR plus "project.grant.write" and
    # "project.grant.delete".
    - Role: 'ORG_PROJECT_PERMISSION_EDITOR'
      Permissions:
        - "org.read"
        - "org.member.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "policy.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
    # "project.read:self" is the only entry in this file with a ":" suffix.
    # Presumably it restricts the permission to a context such as the
    # caller's own projects -- TODO confirm how the suffix is parsed, and
    # that an unrecognised suffix fails closed rather than matching the
    # unsuffixed permission.
    - Role: 'ORG_PROJECT_CREATOR'
      Permissions:
        - "user.global.read"
        - "project.read:self"
        - "project.create"
    # Full project.* management (no "project.create") plus user grant
    # write/delete.
    - Role: 'PROJECT_OWNER'
      Permissions:
        - "org.global.read"
        - "project.read"
        - "project.write"
        - "project.delete"
        - "project.member.read"
        - "project.member.write"
        - "project.member.delete"
        - "project.role.read"
        - "project.role.write"
        - "project.role.delete"
        - "project.app.read"
        - "project.app.write"
        - "project.app.delete"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
    # Read-only: contains only *.read entries.
    - Role: 'PROJECT_OWNER_VIEWER'
      Permissions:
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
    # PROJECT_OWNER without any project.grant.* entry and without
    # "user.read".
    - Role: 'PROJECT_OWNER_GLOBAL'
      Permissions:
        - "org.global.read"
        - "project.read"
        - "project.write"
        - "project.delete"
        - "project.member.read"
        - "project.member.write"
        - "project.member.delete"
        - "project.role.read"
        - "project.role.write"
        - "project.role.delete"
        - "project.app.read"
        - "project.app.write"
        - "project.app.delete"
        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
    # PROJECT_OWNER_VIEWER without "user.read".
    # NOTE(review): this viewer role lists "project.grant.read" and
    # "project.grant.member.read", while PROJECT_OWNER_GLOBAL has no
    # project.grant.* entry at all, so the viewer can read something the
    # owner cannot -- confirm which of the two is intended.
    - Role: 'PROJECT_OWNER_VIEWER_GLOBAL'
      Permissions:
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
    # Mutating entries are limited to project.grant.member.* and
    # user.grant.*; the grant itself is read-only here (no
    # "project.grant.write" / "project.grant.delete").
    - Role: 'PROJECT_GRANT_OWNER'
      Permissions:
        - "org.global.read"
        - "project.read"
        - "project.grant.read"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
    # Read-only: contains only *.read entries.
    - Role: 'PROJECT_GRANT_OWNER_VIEWER'
      Permissions:
        - "project.read"
        - "project.grant.read"
        - "project.grant.member.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"