bugzmanov edited this page Aug 2, 2012 · 4 revisions

Genesis project: Security roles

Genesis provides the ability to assign one of its predefined roles to a particular user or group. Each role specifies a concrete set of actions that the user is allowed to perform.

Currently Genesis supports 2 types of "static" roles:

  • System roles - roles that affect user capabilities throughout the whole application
  • Project roles - roles that affect user capabilities in a particular project.

System roles

System roles can be manipulated via system settings or via the REST API (role management REST API).

Supported roles:

  • ROLE_GENESIS_USER - to be able to log in to the Genesis application, a user must have this role (please be aware of the genesis.auth.role property). Note: even a system admin without this role shouldn't be able to log in to the app
  • ROLE_GENESIS_ADMIN - system admin has practically no restrictions (i.e. it should have access to ALL available REST calls).

REST API that is available ONLY to system admin:

  • /rest/groups/** - except GET requests, which are also accessible by project admins
  • /rest/users/** - except GET requests, which are also accessible by project admins
  • /rest/plugins/**
  • /rest/settings/**
  • /rest/projects* - DELETE and POST requests

Project roles

Project roles can be manipulated via project settings or via the REST API (role management REST API).

Supported roles:

  • ROLE_GENESIS_PROJECT_USER - role that allows a user to perform env manipulations
    Available REST API:

    • /rest/projects/(projectId)/envs/**
    • /rest/projects/(projectId)/** - GET
    • /rest/projects/(projectId)/permissions - GET
    • /rest/projects - GET (list of projects will be filtered)
      projectId - project id of a project in which user has the role assigned
  • ROLE_GENESIS_PROJECT_ADMIN - role that allows a user to manipulate project settings, i.e. grant other users access to the project, modify basic project properties, manipulate the project's credentials, etc.
    Available REST API:

    • Everything that is available to ROLE_GENESIS_PROJECT_USER
    • /rest/projects/(projectId)/roles/** - PUT
    • /rest/projects/(projectId)/credentials/**
    • /rest/projects/(projectId) - PUT
    • /rest/groups* and /rest/users/* - GET

projectId - project id of a project in which user has the role assigned
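
As an added example (not Genesis code), the access lists above can be written down as an expected-result oracle for authorization regression tests against a deployment. It assumes Ant-style pattern matching and that any call not listed for a role is denied; the function and constant names are hypothetical.

```python
import re

USER, ADMIN = "ROLE_GENESIS_USER", "ROLE_GENESIS_ADMIN"
P_USER, P_ADMIN = "ROLE_GENESIS_PROJECT_USER", "ROLE_GENESIS_PROJECT_ADMIN"

# (pattern, methods) pairs transcribed from the lists above; None = any method.
# "{pid}" stands for the page's (projectId).
PROJECT_USER_RULES = [
    ("/rest/projects/{pid}/envs/**", None),
    ("/rest/projects/{pid}/**", {"GET"}),
    ("/rest/projects/{pid}/permissions", {"GET"}),
    ("/rest/projects", {"GET"}),
]
PROJECT_ADMIN_RULES = PROJECT_USER_RULES + [
    ("/rest/projects/{pid}/roles/**", {"PUT"}),
    ("/rest/projects/{pid}/credentials/**", None),
    ("/rest/projects/{pid}", {"PUT"}),
    ("/rest/groups*", {"GET"}),
    ("/rest/users/*", {"GET"}),
]

def matches(pattern, pid, path):
    """Assumed Ant-style matching: '/**' spans segments, '*' stays in one."""
    regex = ""
    for part in re.split(r"(/\*\*|\*)", pattern):
        if part == "/**":
            regex += "(/.*)?"
        elif part == "*":
            regex += "[^/]*"
        else:
            regex += re.escape(part.replace("{pid}", pid))
    return re.fullmatch(regex, path) is not None

def expected_allowed(method, path, system_roles=(), project_roles=None):
    """project_roles maps a project id to the roles held in that project."""
    if USER not in system_roles:
        return False  # no login without ROLE_GENESIS_USER, admins included
    if ADMIN in system_roles:
        return True   # system admin: all REST calls
    for pid, roles in (project_roles or {}).items():
        if P_ADMIN in roles:
            rules = PROJECT_ADMIN_RULES
        elif P_USER in roles:
            rules = PROJECT_USER_RULES
        else:
            continue
        for pattern, methods in rules:
            if (methods is None or method in methods) and matches(pattern, str(pid), path):
                return True
    return False  # assumption: anything not listed is denied
```

Comparing `expected_allowed(...)` with the status code a test account actually receives for each method and path flags both over-permissive and over-restrictive endpoints.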
