Operations and Access Control
Hi,
I am trying to define new roles and assign access on operations to these roles.
The scenario I am trying out is to create two roles repository-admin and repository-contributor. The repository-admin role must have access to perform Create/Read/Update/Delete on the stream object and the repository-contributor must have access to perform Read/Update the stream object.
I am unable to create the above access control policy because modifyStream is the only operation I see when I use content assist. Am I missing something or Is there a workaround to create the above policy?
Thanks in advance.
I am trying to define new roles and assign access on operations to these roles.
The scenario I am trying out is to create two roles repository-admin and repository-contributor. The repository-admin role must have access to perform Create/Read/Update/Delete on the stream object and the repository-contributor must have access to perform Read/Update the stream object.
I am unable to create the above access control policy because modifyStream is the only operation I see when I use content assist. Am I missing something or Is there a workaround to create the above policy?
Thanks in advance.
3 answers
If I understand your request correctly, you would express this
configuration as:
<role id="repository-admin">
<operation id="com.ibm.team.scm.server.modifyStream">
<permissions>
<action id="any"/>
</permissions>
</operation>
</role>
<role id="repository-contributor>
<operation id="com.ibm.team.scm.server.modifyStream">
<permissions>
<action id="modify">
<action id="stream">
<action id="attributes">
<action id="any">
</action>
</action>
</action>
</permissions>
</operation>
</role>
- Jared
bhadrim wrote:
configuration as:
<role id="repository-admin">
<operation id="com.ibm.team.scm.server.modifyStream">
<permissions>
<action id="any"/>
</permissions>
</operation>
</role>
<role id="repository-contributor>
<operation id="com.ibm.team.scm.server.modifyStream">
<permissions>
<action id="modify">
<action id="stream">
<action id="attributes">
<action id="any">
</action>
</action>
</action>
</permissions>
</operation>
</role>
- Jared
bhadrim wrote:
Hi,
I am trying to define new roles and assign access on operations to
these roles.
The scenario I am trying out is to create two roles repository-admin
and repository-contributor. The repository-admin role must have
access to perform Create/Read/Update/Delete on the stream object and
the repository-contributor must have access to perform Read/Update
the stream object.
I am unable to create the above access control policy because
modifyStream is the only operation I see when I use content assist.
Am I missing something or Is there a workaround to create the above
policy?
Thanks in advance.
Thanks. Yes something along the lines, but not for the attributes but for the components as shown below. But how can I know the nesting action ids. If it is documented can someone point me to the document. Thanks.
<operation id="com.ibm.team.scm.server.modifyStream">
<permissions>
<action id="modify">
<action id="stream">
<action id="component">
<action id="any"/>
</action>
</action>
</action>
</permissions>
</operation>
<operation id="com.ibm.team.scm.server.modifyStream">
<permissions>
<action id="modify">
<action id="stream">
<action id="component">
<action id="any"/>
</action>
</action>
</action>
</permissions>
</operation>
Currently, the only way to find out the action ids is to use code-assist
(ctrl+space) in the editor. We realize that this isn't optimal and will
be improving it over time.
- Jared
bhadrim wrote:
(ctrl+space) in the editor. We realize that this isn't optimal and will
be improving it over time.
- Jared
bhadrim wrote:
Thanks. Yes something along the lines, but not for the attributes but
for the components as shown below. But how can I know the nesting
action ids. If it is documented can someone point me to the document.
Thanks.
operation id="com.ibm.team.scm.server.modifyStream"
<permissions
<action id="modify"
<action id="stream"
<action id="component"
<action id="any"/
</action
</action
</action>
</permissions
/operation