Page History
...
Sample DB entries for the default policies:
Root admin policy
This policy should allow all API operations on all types of resources for all domains and accounts. We can represent this policy in following fashion in the db schema:
account
id | account_name | uuid | domain_id |
|---|---|---|---|
2 | admin | 1c5afd64-482b-11e3-86f3-8118f47f9f9f | 1 |
3 | domainAdmin | 929d172c-b95e-4b86-9474-9789072c9bdb | 2 |
4 | domainUserA | f96ddb47-d3c0-4360-a9cd-613d631c8333 | 2 |
acl_group
id | name | description | uuid | domain_id | removed | created |
|---|---|---|---|---|---|---|
1 | REGULAR_USER | Domain user group | d283d4f0-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 |
2 | ADMIN | Root admin group | d283de28-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 |
3 | DOMAIN_ADMIN | Domain admin group | d283e6e8-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 |
acl_group_account_map
id | group_id | account_id | removed | created |
|---|---|---|---|---|
2 | 2 | 2 | NULL | 2013-10-10 14:13:34 |
3 | 3 | 3 | NULL | 2013-10-11 00:14:54 |
4 | 1 | 4 | NULL | 2013-10-11 00:19:55 |
acl_policy
id | name | description | uuid | domain_id | removed | created | policy_type |
|---|---|---|---|---|---|---|---|
1 | REGULAR_USER | Domain user role | d2838dce-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 | Static |
2 | ADMIN | Root admin role | d2839c56-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 | Static |
3 | DOMAIN_ADMIN | Domain admin role | d283a7f0-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 | Static |
6 | RESOURCE_OWNER | Resource owner role | d283c794-31f0-11e3-ad37-80f85ce25918 | 1 | NULL | 2013-10-10 14:13:34 | Dynamic |
acl_group_policy_map;
id | group_id | policy_id | removed | created |
|---|---|---|---|---|
1 | 1 | 1 | NULL | 2013-10-10 14:13:34 |
2 | 2 | 2 | NULL | 2013-10-10 14:13:34 |
3 | 3 | 3 | NULL | 2013-10-10 14:13:34 |
Sample DB entries for the policy permissions for 'StartVM' operation:
acl_permission
id | action | resource_type | scope_id | scope | access_type | permission | removed | created |
|---|---|---|---|---|---|---|---|---|
1 | startVirtualMachine | VirtualMachine | NULL | ALL | NULL | Allow | NULL | 2013-10-10 14:13:34 |
2 | startVirtualMachine | VirtualMachine | $domainId | Domain | NULL | Allow | NULL | 2013-10-10 14:13:34 |
3 | startVirtualMachine | VirtualMachine | $accountId | Account | NULL | Allow | NULL | 2013-10-10 14:13:34 |
acl_policy_permission_map
id | policy_id | permission_id | removed | created |
|---|---|---|---|---|
1 | 6 | 3 | NULL | 2013-10-10 14:13:34 |
2 | 2 | 1 | NULL | 2013-10-10 14:13:34 |
3 | 3 | 2 | NULL | 2013-10-10 14:13:34 |
Access Check Flow
...
Overview
Content Tools
Apps