...
Principal | Description |
---|---|
"anonymous":["*"] | An anonymous, unauthenticated user |
"user":["*"] | Any authenticated user from the context's IDSYS scope |
"user":["*@austin"] | Any authenticated user in the 'austin' domain's IDSYS (or inherited IDSYS if applicable). |
"user":["*+texas"] | Any authenticated user in the 'texas' tenant's IDSYS (or inherited IDSYS if applicable). |
"user":["gcarlin"] | A user named 'gcarlin' from this scope's IDSYS (or inherited IDSYS if applicable). This is a non-qualified user name since no domain, tenant, or root scope is specified. |
"user":["gcarlin@cars"] | A user named 'gcarlin' from the 'cars' storage domain's IDSYS (or its inherited IDSYS if applicable) |
"user":["gcarlin+movies"] | A user named 'gcarlin' from the 'movies' tenant's IDSYS (or its inherited IDSYS if applicable) |
"user":["gcarlin@"] | A user named 'gcarlin' only from the root IDSYS |
"group":["admins"] | Any member of the group named 'admins' from this scope's IDSYS (or inherited IDSYS if applicable). This is a non-qualified group name since no domain, tenant, or root scope is specified. |
"group":["admins@hockey"] | Any member of the group named 'admins' from the 'hockey' storage domain's IDSYS (or its inherited IDSYS if applicable) |
"group":["admins+sports"] | Any member of the group named 'admins' from the 'sports' tenant's IDSYS (or its inherited IDSYS if applicable) |
"group":["admins@"] | Any member of the group named 'admins' only from the root IDSYS |
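
The qualifier syntax in the table above, as an added example (not code from the product or its documentation): a small parser that splits each principal string into its name and IDSYS scope and lists the entries that match more than one identity. The sample Principal object is constructed; combining several principal types in one object and allowing at most one qualifier per name are assumptions.

```python
import json

# Constructed sample: a Principal object using the forms listed in the table above.
SAMPLE = '{"anonymous": ["*"], "user": ["*@austin", "gcarlin+movies", "gcarlin@"], "group": ["admins"]}'


def parse_principal(kind, value):
    """Split one principal string into name and IDSYS scope, per the table above."""
    if kind == "anonymous":
        return {"kind": kind, "name": value, "scope": "none", "scope_name": None, "wildcard": True}
    # '@' qualifies by storage domain (root IDSYS when nothing follows); '+' by tenant.
    # Assumption: a name carries at most one qualifier.
    if "@" in value:
        name, _, qualifier = value.partition("@")
        scope = "domain" if qualifier else "root"
    elif "+" in value:
        name, _, qualifier = value.partition("+")
        scope = "tenant"
    else:
        name, qualifier, scope = value, "", "context"  # non-qualified name
    if not name or (scope == "tenant" and not qualifier):
        raise ValueError(f"malformed principal: {value!r}")
    return {"kind": kind, "name": name, "scope": scope,
            "scope_name": qualifier or None, "wildcard": name == "*"}


def review_principals(principal_obj):
    """Return (parsed, findings); findings name the entries that are not a single identity."""
    parsed, findings = [], []
    for kind, values in principal_obj.items():
        if kind not in ("anonymous", "user", "group"):
            raise ValueError(f"unknown principal type: {kind!r}")
        for value in values:
            p = parse_principal(kind, value)
            parsed.append(p)
            if kind == "anonymous":
                findings.append(f"{kind}:{value} applies to unauthenticated users")
            elif kind == "user" and p["wildcard"]:
                where = p["scope_name"] or p["scope"]
                findings.append(f"{kind}:{value} matches any authenticated user (scope: {where})")
    return parsed, findings


if __name__ == "__main__":
    parsed, findings = review_principals(json.loads(SAMPLE))
    for p in parsed:
        print(p)
    print("\n".join(findings))
```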
...
Manage | Action | Scope | Description |
---|---|---|---|
Global | * | R,T,D,B | all actions |
Tenants | ListTenants | R | List all tenants |
Tenants | CreateTenant | R | Create a new or change an existing tenant |
Tenants | GetTenant | R,T | Retrieve tenant properties |
Tenants | DeleteTenant | R,T | Permanently remove tenant properties |
Tenants | ListEtc | R,T | List documents associated with a tenant |
Domains | ListDomains | R,T | List the domains owned by the _system tenant |
Domains | CreateDomain | R,T | Create a domain for the _system tenant |
Domains | GetDomain | R,T,D | GET a domain |
Domains | DeleteDomain | R,T,D | Delete a domain |
Policies | ListEtc | R,T,D | List documents associated with a tenant or a storage domain |
Policies | PutPolicy | R,T,D | Create or update an access control policy JSON document |
Policies | GetPolicy | R,T,D | Read an access control policy JSON document |
Policies | DeletePolicy | R,T,D | Permanently remove an access control policy JSON document |
Authentication | TokenAdmin | R,T,D | Create and list authorization tokens for other users in the same scope |
Authentication | CreateToken | R,T,D | Create an authentication token |
Authentication | ListTokens | R,T,D | List user authentication tokens |
Authentication | ValidateToken | R,T,D | Read an authentication token |
Authentication | DeleteToken | R,T,D | Delete an authentication token |
...