Authorization System Entities
- User: represents each user in the system. A user is uniquely identified by the Name attribute. A user can be assigned zero, one, or many roles.
  - Name: the name of the user
  - Roles: list of roles
- Role: represents a set of permissions and a description of the collective purpose of that set. A role is uniquely identified by the Name attribute. Roles contain permissions, which are inherited by users in that role.
  - Name: the name of the role (e.g. “PoolManager”, “GroupAdministrator”)
  - Allow: list of permission names
- Permission: represents a set of operations that a user can perform. A permission is uniquely identified by the Name attribute. A permission consists of a filter expression and a list of operations this permission grants. See Permission Behavior and Permission Filter Evaluation for details on how permissions are used.
  - Name: the name of the permission (e.g. “ManageMyJobs”, “ManageGroupUsers”)
  - Operations: list of operations granted by this permission
  - Filter: an expression which will be applied to all queries and updates
  - ForTypes: a list of the ad types to which this permission applies; if undefined, the permission applies to every ad type
Example Permission Filter:
- Operation: represents a single action that can be done in the context of CycleServer. An operation is uniquely identified by the Name attribute. Operations are the names of actions used for URL access, datastore access, and custom actions.
  - Name: the name of the operation (e.g. “DeleteJob”, “AddUser”)
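
The entity relationships above, modelled as an added Python sketch for access review (this is not CycleServer code). It resolves which users hold an operation through their roles and reports the role, permission and filter behind each grant. The ad type names, the filter placeholder string and the assignment of permissions to roles are assumptions made for the example; filters are carried as opaque values and not evaluated.

```python
# Added illustration: a minimal in-memory model of the User / Role / Permission
# entities described above. Not CycleServer code; every record is constructed.
# Ad type names, the filter string and role-to-permission assignments are assumptions.
PERMISSIONS = {
    "ManageMyJobs": {"Operations": ["DeleteJob"],
                     "Filter": "<owner filter placeholder>",
                     "ForTypes": ["Job"]},
    "ManageGroupUsers": {"Operations": ["AddUser"],
                         "Filter": None,
                         "ForTypes": None},  # None models an undefined ForTypes
}
ROLES = {
    "PoolManager": {"Allow": ["ManageMyJobs"]},
    "GroupAdministrator": {"Allow": ["ManageGroupUsers", "ManageMyJobs"]},
}
USERS = {
    "alice": {"Roles": ["PoolManager"]},
    "bob": {"Roles": ["GroupAdministrator"]},
    "carol": {"Roles": []},  # a user can be assigned zero roles
}


def grants(user, operation, ad_type):
    """Return (role, permission, filter) triples giving `user` the operation on `ad_type`."""
    found = []
    for role_name in USERS[user]["Roles"]:
        for perm_name in ROLES[role_name]["Allow"]:
            perm = PERMISSIONS[perm_name]
            if operation not in perm["Operations"]:
                continue
            # An undefined ForTypes applies the permission to every ad type.
            if perm["ForTypes"] is not None and ad_type not in perm["ForTypes"]:
                continue
            found.append((role_name, perm_name, perm["Filter"]))
    return found


def who_can(operation, ad_type):
    """Access review: map each user holding the operation to the grants that provide it."""
    result = {}
    for user in sorted(USERS):
        user_grants = grants(user, operation, ad_type)
        if user_grants:
            result[user] = user_grants
    return result
```
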