Comment: clarified descriptions of the "any authenticated user" principal format

...

Principal | Description
"anonymous":["*"] | An anonymous, unauthenticated user
"user":["*"] | Any authenticated user from the context's IDSYS (or inherited IDSYS if applicable)
"user":["*@austin"] | Any authenticated user in the 'austin' storage domain's IDSYS (or inherited IDSYS if applicable)
"user":["*+texas"] | Any authenticated user in the 'texas' tenant's IDSYS (or inherited IDSYS if applicable)
"user":["gcarlin"] | A user named 'gcarlin' from this scope's IDSYS (or inherited IDSYS if applicable). This is a non-qualified user name since no domain, tenant, or root scope is specified.
"user":["gcarlin@cars"] | A user named 'gcarlin' from the 'cars' storage domain's IDSYS (or its inherited IDSYS if applicable)
"user":["gcarlin+movies"] | A user named 'gcarlin' from the 'movies' tenant's IDSYS (or its inherited IDSYS if applicable)
"user":["gcarlin@"] | A user named 'gcarlin' only from the root IDSYS
"group":["admins"] | Any member of the group named 'admins' from this scope's IDSYS (or inherited IDSYS if applicable). This is a non-qualified group name since no domain, tenant, or root scope is specified.
"group":["admins@hockey"] | Any member of the group named 'admins' from the 'hockey' storage domain's IDSYS (or its inherited IDSYS if applicable)
"group":["admins+sports"] | Any member of the group named 'admins' from the 'sports' tenant's IDSYS (or its inherited IDSYS if applicable)
"group":["admins@"] | Any member of the group named 'admins' only from the root IDSYS
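The qualifier rules in the table above, as an added example that is not Gateway code: a parser that splits a principal string into its name and the IDSYS scope it refers to, and a matcher that decides whether an authenticated identity satisfies it once "or inherited IDSYS if applicable" has been resolved. The domain-to-tenant ownership, which scopes define their own IDSYS, and the identity records are constructed assumptions. Two cases the table does not spell out are handled by generalization and are also assumptions: "*@" is treated like "name@" (the root IDSYS), and since no group wildcard is documented, "*" in a group principal is matched literally.

```python
"""Parse Swarm policy principal specs such as "gcarlin@cars", "admins+sports" or
"gcarlin@" and match them against an authenticated identity, honouring IDSYS
inheritance. Added example; not Gateway code."""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

Scope = Tuple[str, str]  # ("root", ""), ("tenant", "<name>") or ("domain", "<name>")


@dataclass(frozen=True)
class PrincipalSpec:
    kind: str        # "anonymous" | "user" | "group"
    name: str        # literal name, or "*" for any authenticated user
    scope_kind: str  # "context" (unqualified), "root", "tenant" or "domain"
    scope_name: str  # "" for context and root


@dataclass(frozen=True)
class Identity:
    """An authenticated caller. `idsys` is the scope whose IDSYS actually
    authenticated it, i.e. after inheritance has already been resolved."""
    name: str
    idsys: Scope
    groups: FrozenSet[str] = frozenset()


def parse_principal(kind: str, spec: str) -> PrincipalSpec:
    """'@' qualifies a storage domain ("name@" alone means the root IDSYS),
    '+' qualifies a tenant, and no qualifier means the evaluating context's IDSYS."""
    if kind == "anonymous":
        if spec != "*":
            raise ValueError("anonymous principals only accept '*'")
        return PrincipalSpec("anonymous", "*", "context", "")
    if kind not in ("user", "group"):
        raise ValueError(f"unknown principal kind {kind!r}")
    if "@" in spec and "+" in spec:
        raise ValueError(f"{spec!r}: qualify by a domain or a tenant, not both")
    if "@" in spec:
        name, _, domain = spec.partition("@")
        scope: Scope = ("root", "") if domain == "" else ("domain", domain)
    elif "+" in spec:
        name, _, tenant = spec.partition("+")
        if tenant == "":
            # "name+" has no documented meaning, so it is rejected (assumption)
            raise ValueError(f"{spec!r}: '+' must be followed by a tenant name")
        scope = ("tenant", tenant)
    else:
        name, scope = spec, ("context", "")
    if name == "":
        raise ValueError(f"{spec!r}: empty principal name")
    return PrincipalSpec(kind, name, scope[0], scope[1])


# Constructed topology (an assumption for this example): which tenant owns each
# storage domain, and which scopes define their own IDSYS. A scope with no IDSYS
# of its own inherits the nearest one above it: domain -> tenant -> root.
DOMAIN_TENANT = {"cars": "movies", "austin": "texas", "hockey": "sports"}
DEFINES_IDSYS = {("root", ""), ("tenant", "movies"), ("domain", "austin")}


def effective_idsys(scope: Scope) -> Scope:
    """Walk upward from `scope` until a scope that defines an IDSYS is found."""
    while scope not in DEFINES_IDSYS:
        kind, name = scope
        if kind == "domain":
            scope = ("tenant", DOMAIN_TENANT[name])
        elif kind == "tenant":
            scope = ("root", "")
        else:
            raise LookupError("the root scope must define an IDSYS")
    return scope


def matches(spec: PrincipalSpec, ident: Optional[Identity], context: Scope) -> bool:
    """Does `ident` (None for an unauthenticated caller) satisfy `spec` when the
    policy is evaluated in `context`, the scope the policy is attached to?"""
    if spec.kind == "anonymous":
        return ident is None
    if ident is None:
        return False  # user/group principals never match unauthenticated callers
    wanted = context if spec.scope_kind == "context" else (spec.scope_kind, spec.scope_name)
    if effective_idsys(wanted) != ident.idsys:
        return False  # the same name in a different IDSYS is a different principal
    if spec.kind == "user":
        return spec.name == "*" or spec.name == ident.name
    return spec.name in ident.groups  # no group wildcard is documented, so "*" is literal
```

The point the matcher makes explicit is that a principal is a name plus the IDSYS that vouches for it: with the constructed topology, "gcarlin@cars" and "gcarlin+movies" name the same person because the 'cars' domain inherits the 'movies' tenant's IDSYS, while "gcarlin@" names whoever the root IDSYS knows as gcarlin, which may be someone else entirely.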

...

Manage

Action | Scope | Description

Global
* | R,T,D,B | All actions

Tenants
ListTenants | R | List all tenants
CreateTenant | R | Create a new or change an existing tenant
GetTenant | R,T | Retrieve tenant properties
DeleteTenant | R,T | Permanently remove tenant properties
ListEtc | R,T | List documents associated with a tenant

Domains
ListDomains | R,T | List the domains owned by the _system tenant
CreateDomain | R,T | Create a domain for the _system tenant
GetDomain | R,T,D | GET a domain
DeleteDomain | R,T,D | Delete a domain

Policies
ListEtc | R,T,D | List documents associated with a tenant or a storage domain
PutPolicy | R,T,D | Create or update an access control policy JSON document
GetPolicy | R,T,D | Read an access control policy JSON document
DeletePolicy | R,T,D | Permanently remove an access control policy JSON document

Important: the actions ListEtc, PutPolicy, GetPolicy, and DeletePolicy apply to configuration documents such as access control policies, IDSYS, and Remote Synchronous Write (RSW) configuration.

Authentication Tokens
TokenAdmin | R,T,D | Create and list authorization tokens for other users in the same scope
CreateToken | R,T,D | Create an authentication token
ListTokens | R,T,D | List user authentication tokens
ValidateToken | R,T,D | Read an authentication token
DeleteToken | R,T,D | Delete an authentication token
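A check worth running before a policy is PUT, as an added example that is not Gateway code: the action table above transcribed into a lookup, a function that reports actions a statement names that the table does not list at the scope the policy is attached to, and a lint for Allow grants that hand out token or policy administration too broadly (TokenAdmin lets a principal mint tokens for other users in the scope, and PutPolicy/DeletePolicy let it rewrite the policy that constrains it). The scope letters are used exactly as they appear in the table; the statement inputs (effect, a principal map in the format of the principal table, an action list) are passed as plain values constructed for the example rather than as a specific policy document layout.

```python
"""Lint the Management API actions in a policy statement against the scope the
policy is attached to. Added example; not Gateway code. ACTION_SCOPES is
transcribed from the action table; everything else is the example's own."""
from typing import Dict, FrozenSet, Iterable, List

# Action -> scope letters at which the table lists it. ListEtc appears twice in
# the table (R,T under Tenants and R,T,D under Policies); the union is used.
ACTION_SCOPES: Dict[str, FrozenSet[str]] = {
    "ListTenants": frozenset("R"),
    "CreateTenant": frozenset("R"),
    "GetTenant": frozenset("RT"),
    "DeleteTenant": frozenset("RT"),
    "ListEtc": frozenset("RTD"),
    "ListDomains": frozenset("RT"),
    "CreateDomain": frozenset("RT"),
    "GetDomain": frozenset("RTD"),
    "DeleteDomain": frozenset("RTD"),
    "PutPolicy": frozenset("RTD"),
    "GetPolicy": frozenset("RTD"),
    "DeletePolicy": frozenset("RTD"),
    "TokenAdmin": frozenset("RTD"),
    "CreateToken": frozenset("RTD"),
    "ListTokens": frozenset("RTD"),
    "ValidateToken": frozenset("RTD"),
    "DeleteToken": frozenset("RTD"),
}
ALL_SCOPES = frozenset("RTDB")  # "*" is the only action the table lists at B
# Actions that let a principal extend its own reach: mint tokens for others or
# rewrite the policy itself (set chosen for this example).
SENSITIVE = frozenset({"*", "TokenAdmin", "PutPolicy", "DeletePolicy"})


def invalid_actions(actions: Iterable[str], scope: str) -> List[str]:
    """Actions that are unknown, or that the table does not list at `scope`."""
    if scope not in ALL_SCOPES:
        raise ValueError(f"unknown scope letter {scope!r}")
    bad = []
    for action in actions:
        allowed = ALL_SCOPES if action == "*" else ACTION_SCOPES.get(action, frozenset())
        if scope not in allowed:
            bad.append(action)
    return bad


def lint_statement(effect: str, principal: Dict[str, List[str]],
                   actions: List[str], scope: str) -> List[str]:
    """Findings for one statement: actions invalid at this scope, plus Allow
    grants that are broader than a least-privilege policy usually intends."""
    findings = [f"action {a!r} is not valid at scope {scope}"
                for a in invalid_actions(actions, scope)]
    if effect != "Allow":
        return findings  # a Deny cannot over-grant
    granted = set(actions)
    if "*" in granted:
        findings.append("Allow of '*' grants every action, including TokenAdmin, "
                        "PutPolicy and DeletePolicy")
    if "anonymous" in principal and granted & SENSITIVE:
        findings.append("unauthenticated callers are granted token or policy administration")
    # "*", "*@domain" and "*+tenant" all mean every authenticated user of an IDSYS
    wildcard_user = any(p.startswith("*") for p in principal.get("user", []))
    if wildcard_user and ("TokenAdmin" in granted or "*" in granted):
        findings.append("any authenticated user may create and list tokens "
                        "for other users in this scope")
    return findings
```

Run it against a statement destined for a domain-scope policy: CreateTenant is flagged because the table lists it at R only, and "user":["*"] together with TokenAdmin is flagged because it turns every authenticated user into a token issuer for everyone else in the domain.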

...