Management API Reference for access=authorization

The access control definitions defining the access management restrictions.

Children (2)

constraint
role-mapping

Attributes (5)

all-role-names - The official names of all roles supported by the current management access control provider. This includes any standard roles as well as any user-defined roles.

Type	LIST
Where is the attribute stored?	runtime
Access Type	read-only
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "LIST" }, "description" : "The official names of all roles supported by the current management access control provider. This includes any standard roles as well as any user-defined roles.", "expressions-allowed" : false, "required" : true, "nillable" : false, "min-length" : 0, "max-length" : 2147483647, "stability" : "default", "value-type" : { "TYPE_MODEL_VALUE" : "STRING" }, "access-type" : "read-only", "storage" : "runtime", "restart-required" : null, "capability-reference" : null }

permission-combination-policy - The policy for combining access control permissions when the authorization policy grants the user more than one type of permission for a given action. In the standard role based authorization policy, this would occur when a user maps to multiple roles. The 'permissive' policy means if any of the permissions allow the action, the action is allowed. The 'rejecting' policy means the existence of multiple permissions should result in an error.

Type	STRING
Default Value	permissive
Is the attribute nillable?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Allowed Values	rejecting permissive
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The policy for combining access control permissions when the authorization policy grants the user more than one type of permission for a given action. In the standard role based authorization policy, this would occur when a user maps to multiple roles. The 'permissive' policy means if any of the permissions allow the action, the action is allowed. The 'rejecting' policy means the existence of multiple permissions should result in an error.", "expressions-allowed" : false, "required" : false, "nillable" : true, "default" : "permissive", "allowed" : [ "permissive", "rejecting" ], "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }

provider - The provider to use for management access control decisions.

Type	STRING
Default Value	simple
Is the attribute nillable?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Allowed Values	rbac simple
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "STRING" }, "description" : "The provider to use for management access control decisions.", "expressions-allowed" : false, "required" : false, "nillable" : true, "default" : "simple", "allowed" : [ "simple", "rbac" ], "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }`

standard-role-names - The official names of the standard roles supported by the current management access control provider.

Type	LIST
Where is the attribute stored?	runtime
Access Type	read-only
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "LIST" }, "description" : "The official names of the standard roles supported by the current management access control provider.", "expressions-allowed" : false, "required" : true, "nillable" : false, "min-length" : 0, "max-length" : 2147483647, "stability" : "default", "value-type" : { "TYPE_MODEL_VALUE" : "STRING" }, "access-type" : "read-only", "storage" : "runtime", "restart-required" : null, "capability-reference" : null }`

use-identity-roles - Should the raw roles obtained from the underlying security identity be used directly?

Type	BOOLEAN
Default Value	false
Is the attribute nillable?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "BOOLEAN" }, "description" : "Should the raw roles obtained from the underlying security identity be used directly?", "expressions-allowed" : false, "required" : false, "nillable" : true, "default" : false, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }`

Galleon Features

Galleon features are to be used when creating Galleon feature-packs.

core-service.management.access.authorization

        
<feature spec="core-service.management.access.authorization">
  <param name="permission-combination-policy" value="{value}"/>
  <param name="provider" value="{value}"/>
  <param name="use-identity-roles" value="{value}"/>
<feature/>