From 6f6aa95abb2881e950613c931d9b96b40f7b94fb Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Tue, 28 Apr 2020 10:48:21 +0200
Subject: [PATCH] add Datastore.Backup, Datastore.PowerUser and Datastore.Reader role
---
 src/config/acl.rs | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/src/config/acl.rs b/src/config/acl.rs
index 7b500d7d..0a398cac 100644
--- a/src/config/acl.rs
+++ b/src/config/acl.rs
@@ -33,6 +33,7 @@ pub const ROLE_AUDIT: u64 =
 PRIV_SYS_AUDIT |
 PRIV_DATASTORE_AUDIT;
 
+/// Datastore.Admin can do anything on the datastore.
 pub const ROLE_DATASTORE_ADMIN: u64 =
 PRIV_DATASTORE_AUDIT |
 PRIV_DATASTORE_MODIFY |
@@ -40,9 +41,21 @@ PRIV_DATASTORE_READ |
 PRIV_DATASTORE_BACKUP |
 PRIV_DATASTORE_PRUNE;
 
-pub const ROLE_DATASTORE_USER: u64 =
+/// Datastore.Reader can read datastore content an do restore
+pub const ROLE_DATASTORE_READER: u64 =
+PRIV_DATASTORE_AUDIT |
+PRIV_DATASTORE_READ;
+
+/// Datastore.Backup can do backup and restore, but no prune.
+pub const ROLE_DATASTORE_BACKUP: u64 =
 PRIV_DATASTORE_BACKUP;
 
+/// Datastore.PowerUser can do backup, restore, and prune.
+pub const ROLE_DATASTORE_POWERUSER: u64 =
+PRIV_DATASTORE_PRUNE |
+PRIV_DATASTORE_BACKUP;
+
+/// Datastore.Audit can audit the datastore.
 pub const ROLE_DATASTORE_AUDIT: u64 =
 PRIV_DATASTORE_AUDIT;
 
@@ -69,9 +82,17 @@ lazy_static! {
 ROLE_DATASTORE_ADMIN,
 "Datastore Administrator",
 ));
- map.insert("Datastore.User", (
- ROLE_DATASTORE_USER,
- "Datastore User",
+ map.insert("Datastore.Reader", (
+ ROLE_DATASTORE_READER,
+ "Datastore Reader (inspect datastore content and do restores)",
+ ));
+ map.insert("Datastore.Backup", (
+ ROLE_DATASTORE_BACKUP,
+ "Datastore Backup (backup and restore owned backups)",
+ ));
+ map.insert("Datastore.PowerUser", (
+ ROLE_DATASTORE_POWERUSER,
+ "Datastore PowerUser (backup, restore and prune owned backup)",
 ));
 map.insert("Datastore.Audit", (
 ROLE_DATASTORE_AUDIT,
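Review bot: The doc comments on `ROLE_DATASTORE_BACKUP` and `ROLE_DATASTORE_POWERUSER` promise restore, but neither mask contains `PRIV_DATASTORE_READ`, so restore for these roles presumably rests on a backup-ownership check that is not visible in this diff. The descriptions registered in the role map say "owned backups"; the constants should say the same, e.g. `/// Datastore.Backup can do backup and restore of owned backups, but no prune.` and `/// Datastore.PowerUser can do backup, restore, and prune of owned backups.`, so nobody reads either role as datastore-wide read access or overlooks that the owner check is the real boundary. The Reader comment also has a typo: `an do restore` should read `and do restore`.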
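Review bot: Removing the `"Datastore.User"` key from the role map leaves any ACL entry that already names that role referring to an unknown role, and how the config loader treats that (rejecting the file, dropping the entry) lies outside this hunk and should be confirmed before merging. `ROLE_DATASTORE_BACKUP` carries the same single bit the old `ROLE_DATASTORE_USER` did, so a compatibility entry such as `map.insert("Datastore.User", (ROLE_DATASTORE_BACKUP, "Datastore User (deprecated alias of Datastore.Backup)"));` would keep existing grants working, or the removal should be called out as a breaking change with a migration step. The `lazy_static!` block starts and ends outside the hunk.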