mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
a4763b1e4c
* features * features * features * fix json tags * add features handler to auth * mocks for tests * add setup step * fixes * add featurelist to auth api * grandfather state and typos * typo * merge new-eventstore * fix login policy tests * label policy in features * audit log retention
272 lines
7.6 KiB
YAML
272 lines
7.6 KiB
YAML
InternalAuthZ:
|
|
RolePermissionMappings:
|
|
- Role: 'IAM_OWNER'
|
|
Permissions:
|
|
- "iam.read"
|
|
- "iam.write"
|
|
- "iam.features.read"
|
|
- "iam.features.write"
|
|
- "iam.policy.read"
|
|
- "iam.policy.write"
|
|
- "iam.policy.delete"
|
|
- "iam.member.read"
|
|
- "iam.member.write"
|
|
- "iam.member.delete"
|
|
- "iam.idp.read"
|
|
- "iam.idp.write"
|
|
- "iam.idp.delete"
|
|
- "org.read"
|
|
- "org.global.read"
|
|
- "org.create"
|
|
- "org.write"
|
|
- "org.member.read"
|
|
- "org.member.write"
|
|
- "org.member.delete"
|
|
- "org.idp.read"
|
|
- "org.idp.write"
|
|
- "org.idp.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "features.read"
|
|
- "policy.read"
|
|
- "policy.write"
|
|
- "policy.delete"
|
|
- "project.read"
|
|
- "project.create"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- Role: 'IAM_OWNER_VIEWER'
|
|
Permissions:
|
|
- "iam.read"
|
|
- "iam.features.read"
|
|
- "iam.policy.read"
|
|
- "iam.member.read"
|
|
- "iam.idp.read"
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "org.idp.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- "features.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- Role: 'ORG_OWNER'
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.global.read"
|
|
- "org.create"
|
|
- "org.write"
|
|
- "org.member.read"
|
|
- "org.member.write"
|
|
- "org.member.delete"
|
|
- "org.idp.read"
|
|
- "org.idp.write"
|
|
- "org.idp.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "features.read"
|
|
- "policy.read"
|
|
- "policy.write"
|
|
- "policy.delete"
|
|
- "project.read"
|
|
- "project.create"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- Role: 'ORG_OWNER_VIEWER'
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "org.idp.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- "features.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "project.grant.user.grant.read"
|
|
- Role: 'ORG_USER_PERMISSION_EDITOR'
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- Role: 'ORG_PROJECT_PERMISSION_EDITOR'
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- Role: 'ORG_PROJECT_CREATOR'
|
|
Permissions:
|
|
- "user.global.read"
|
|
- "project.read:self"
|
|
- "project.create"
|
|
- Role: 'PROJECT_OWNER'
|
|
Permissions:
|
|
- "org.global.read"
|
|
- "project.read"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- Role: 'PROJECT_OWNER_VIEWER'
|
|
Permissions:
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- Role: 'PROJECT_OWNER_GLOBAL'
|
|
Permissions:
|
|
- "org.global.read"
|
|
- "project.read"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- Role: 'PROJECT_OWNER_VIEWER_GLOBAL'
|
|
Permissions:
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- Role: 'PROJECT_GRANT_OWNER'
|
|
Permissions:
|
|
- "org.global.read"
|
|
- "project.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- Role: 'PROJECT_GRANT_OWNER_VIEWER'
|
|
Permissions:
|
|
- "project.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read" |