Module: SDM::Permission

Defined in:

lib/constants.rb

Overview

Permissions, all permissions that may be granted to an account.

Constant Summary

RELAY_LIST =

"relay:list"

RELAY_CREATE =

"relay:create"

DATASOURCE_LIST =

"datasource:list"

DATASOURCE_CREATE =

"datasource:create"

DATASOURCE_HEALTHCHECK =

"datasource:healthcheck"

DEPRECATED_DATASOURCE_GRANT =

"datasource:grant"

DATASOURCE_DELETE =

"datasource:delete"

DATASOURCE_UPDATE =

"datasource:update"

RESOURCE_LOCK_DELETE =

"resourcelock:delete"

RESOURCE_LOCK_LIST =

"resourcelock:list"

SECRET_ENGINE_CREATE =

"secretengine:create"

SECRET_ENGINE_LIST =

"secretengine:list"

SECRET_ENGINE_DELETE =

"secretengine:delete"

SECRET_ENGINE_UPDATE =

"secretengine:update"

SECRET_ENGINE_STATUS =

"secretengine:status"

SECRET_STORE_CREATE =

"secretstore:create"

SECRET_STORE_LIST =

"secretstore:list"

SECRET_STORE_DELETE =

"secretstore:delete"

SECRET_STORE_UPDATE =

"secretstore:update"

SECRET_STORE_STATUS =

"secretstore:status"

REMOTE_IDENTITY_GROUP_WRITE =

"remoteidentitygroup:write"

REMOTE_IDENTITY_GROUP_READ =

"remoteidentitygroup:read"

REMOTE_IDENTITY_WRITE =

"remoteidentity:write"

REMOTE_IDENTITY_READ =

"remoteidentity:read"

USER_CREATE =

"user:create"

USER_LIST =

"user:list"

USER_UPDATE_ADMIN =

"user:update_admin"

USER_CREATE_ADMIN_TOKEN =

"user:create_admin_token"

USER_CREATE_SERVICE_ACCOUNT =

"user:create_service_account"

USER_SET_PERMISSION_LEVEL =

"user:set_strong_role"

USER_UPDATE =

"user:update"

USER_INITIATE_PASSWORD_RESET =

"user:initiate_password_reset"

USER_DELETE =

"user:delete"

USER_ASSIGN =

"user:assign"

USER_SUSPEND =

"user:suspend"

USER_SET_PASSWORD =

"user:set_password"

DEMO_PROVISIONING_REQUEST_CREATE =

"demoprovisioningrequest:create"

DEMO_PROVISIONING_REQUEST_LIST =

"demoprovisioningrequest:list"

ROLE_LIST =

"role:list"

ROLE_CREATE =

"role:create"

ROLE_DELETE =

"role:delete"

ROLE_UPDATE =

"role:update"

ORG_VIEW_SETTINGS =

"organization:view_settings"

ORG_EDIT_SETTINGS =

"organization:edit_settings"

ORG_DEPLOYMENT_DOCTOR =

"organization:deployment_doctor"

ORG_LIST_CHILDREN =

"organization:list_children"

ORG_CREATE_CHILD_ORGANIZATION =

"organization:create_child_organization"

ORG_AUDIT_USERS =

"audit:users"

ORG_AUDIT_ROLES =

"audit:roles"

ORG_AUDIT_DATASOURCES =

"audit:datasources"

ORG_AUDIT_NODES =

"audit:nodes"

ORG_AUDIT_PERMISSIONS =

"audit:permissions"

ORG_AUDIT_QUERIES =

"audit:queries"

ORG_AUDIT_ACTIVITIES =

"audit:activities"

ORG_AUDIT_SSH =

"audit:ssh"

ORG_AUDIT_ACCOUNT_GRANTS =

"audit:accountgrants"

ORG_AUDIT_ORG =

"audit:organization"

ORG_AUDIT_REMOTE_IDENTITIES =

"audit:remoteidentities"

ORG_AUDIT_REMOTE_IDENTITY_GROUPS =

"audit:remoteidentitygroups"

ORG_AUDIT_SECRET_ENGINES =

"audit:secretengines"

ORG_AUDIT_SECRET_STORES =

"audit:secretstores"

ORG_AUDIT_WORKFLOWS =

"audit:workflows"

ORG_AUDIT_APPROVAL_FLOWS =

"audit:approvalflows"

ORG_AUDIT_ACCESS_REQUESTS =

"audit:accessrequests"

ORG_AUDIT_POLICIES =

"audit:policies"

WORKFLOW_LIST =

"workflow:list"

WORKFLOW_EDIT =

"workflow:edit"

ACCESS_REQUEST_EDIT =

"accessrequest:edit"

ACCESS_REQUEST_LIST =

"accessrequest:list"

ACCESS_REQUEST_REQUESTER =

"accessrequest:requester"

APPROVAL_FLOW_EDIT =

"approvalflow:edit"

APPROVAL_FLOW_LIST =

"approvalflow:list"

GLOBAL_RDP_RENDER =

"rdp:render"

GLOBAL_QUERY_BUCKET_TRACKER =

"query:bucket_tracker"

GLOBAL_ASSETS_GET_LATEST_VERSION_COMMIT_HASH =

"assets:get_latest_version_commit_hash"

GLOBAL_SDMOS_SERVICE =

"sdmos:service"

GLOBAL_SDMOS_DEPLOYMENT =

"sdmos:deployment"

GLOBAL_SDMOS_RELEASE =

"sdmos:release"

GLOBAL_DEMO_PROVISIONER =

"demo:provision"

INSTALLATION_BLESS =

"installation:bless"

INSTALLATION_CREATE =

"installation:create"

INSTALLATION_REVOKE =

"installation:revoke"

TESTING_ORG_CREATE =

"testing:organization:create"

TESTING_ORG_DELETE =

"testing:organization:delete"

TESTING_NO_PERMISSIONS =

"testing:noperms"

TESTING_FETCH_QUERIES =

"testing:queries:get"

GRANT_READ =

"grant:read"

GRANT_WRITE =

"grant:write"

REPORT_READ =

"report:read"

BILLING_READ =

"billing:read"

CREDENTIAL_READ =

"credential:read"

CREDENTIAL_WRITE =

"credential:write"

MANAGED_SECRET_CREATE =

"managedsecret:create"

MANAGED_SECRET_LIST =

"managedsecret:list"

MANAGED_SECRET_DELETE =

"managedsecret:delete"

MANAGED_SECRET_UPDATE =

"managedsecret:update"

MANAGED_SECRET_READ =

"managedsecret:read"