mirror of
https://github.com/OpenKMIP/PyKMIP.git
synced 2025-04-08 19:25:06 +02:00
008f86cfa9
This change tweaks the format of operation policy files, renaming the 'default' section of each policy to 'preset'. This reinforces the idea that this section of the policy is used only when group- based access control is disabled. It also removes any ambiguity between this section of the policy and the actual 'default' policy built into the server.
169 lines
6.8 KiB
JSON
169 lines
6.8 KiB
JSON
{
|
|
"example": {
|
|
"preset": {
|
|
"CERTIFICATE": {
|
|
"LOCATE": "ALLOW_ALL",
|
|
"CHECK": "ALLOW_ALL",
|
|
"GET": "ALLOW_ALL",
|
|
"GET_ATTRIBUTES": "ALLOW_ALL",
|
|
"GET_ATTRIBUTE_LIST": "ALLOW_ALL",
|
|
"ADD_ATTRIBUTE": "ALLOW_OWNER",
|
|
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
|
|
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
|
|
"OBTAIN_LEASE": "ALLOW_ALL",
|
|
"ACTIVATE": "ALLOW_OWNER",
|
|
"REVOKE": "ALLOW_OWNER",
|
|
"DESTROY": "ALLOW_OWNER",
|
|
"ARCHIVE": "ALLOW_OWNER",
|
|
"RECOVER": "ALLOW_OWNER"
|
|
},
|
|
"SYMMETRIC_KEY": {
|
|
"REKEY": "ALLOW_OWNER",
|
|
"REKEY_KEY_PAIR": "ALLOW_OWNER",
|
|
"DERIVE_KEY": "ALLOW_OWNER",
|
|
"LOCATE": "ALLOW_OWNER",
|
|
"CHECK": "ALLOW_OWNER",
|
|
"GET": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTES": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
|
|
"ADD_ATTRIBUTE": "ALLOW_OWNER",
|
|
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
|
|
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
|
|
"OBTAIN_LEASE": "ALLOW_OWNER",
|
|
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
|
|
"ACTIVATE": "ALLOW_OWNER",
|
|
"REVOKE": "ALLOW_OWNER",
|
|
"DESTROY": "ALLOW_OWNER",
|
|
"ARCHIVE": "ALLOW_OWNER",
|
|
"RECOVER": "ALLOW_OWNER"
|
|
},
|
|
"PUBLIC_KEY": {
|
|
"LOCATE": "ALLOW_ALL",
|
|
"CHECK": "ALLOW_ALL",
|
|
"GET": "ALLOW_ALL",
|
|
"GET_ATTRIBUTES": "ALLOW_ALL",
|
|
"GET_ATTRIBUTE_LIST": "ALLOW_ALL",
|
|
"ADD_ATTRIBUTE": "ALLOW_OWNER",
|
|
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
|
|
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
|
|
"OBTAIN_LEASE": "ALLOW_ALL",
|
|
"ACTIVATE": "ALLOW_OWNER",
|
|
"REVOKE": "ALLOW_OWNER",
|
|
"DESTROY": "ALLOW_OWNER",
|
|
"ARCHIVE": "ALLOW_OWNER",
|
|
"RECOVER": "ALLOW_OWNER"
|
|
},
|
|
"PRIVATE_KEY": {
|
|
"REKEY": "ALLOW_OWNER",
|
|
"REKEY_KEY_PAIR": "ALLOW_OWNER",
|
|
"DERIVE_KEY": "ALLOW_OWNER",
|
|
"LOCATE": "ALLOW_OWNER",
|
|
"CHECK": "ALLOW_OWNER",
|
|
"GET": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTES": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
|
|
"ADD_ATTRIBUTE": "ALLOW_OWNER",
|
|
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
|
|
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
|
|
"OBTAIN_LEASE": "ALLOW_OWNER",
|
|
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
|
|
"ACTIVATE": "ALLOW_OWNER",
|
|
"REVOKE": "ALLOW_OWNER",
|
|
"DESTROY": "ALLOW_OWNER",
|
|
"ARCHIVE": "ALLOW_OWNER",
|
|
"RECOVER": "ALLOW_OWNER"
|
|
},
|
|
"SPLIT_KEY": {
|
|
"REKEY": "ALLOW_OWNER",
|
|
"REKEY_KEY_PAIR": "ALLOW_OWNER",
|
|
"DERIVE_KEY": "ALLOW_OWNER",
|
|
"LOCATE": "ALLOW_OWNER",
|
|
"CHECK": "ALLOW_OWNER",
|
|
"GET": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTES": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
|
|
"ADD_ATTRIBUTE": "ALLOW_OWNER",
|
|
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
|
|
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
|
|
"OBTAIN_LEASE": "ALLOW_OWNER",
|
|
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
|
|
"ACTIVATE": "ALLOW_OWNER",
|
|
"REVOKE": "ALLOW_OWNER",
|
|
"DESTROY": "ALLOW_OWNER",
|
|
"ARCHIVE": "ALLOW_OWNER",
|
|
"RECOVER": "ALLOW_OWNER"
|
|
},
|
|
"TEMPLATE": {
|
|
"LOCATE": "ALLOW_OWNER",
|
|
"GET": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTES": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
|
|
"ADD_ATTRIBUTE": "ALLOW_OWNER",
|
|
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
|
|
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
|
|
"DESTROY": "ALLOW_OWNER"
|
|
},
|
|
"SECRET_DATA": {
|
|
"REKEY": "ALLOW_OWNER",
|
|
"REKEY_KEY_PAIR": "ALLOW_OWNER",
|
|
"DERIVE_KEY": "ALLOW_OWNER",
|
|
"LOCATE": "ALLOW_OWNER",
|
|
"CHECK": "ALLOW_OWNER",
|
|
"GET": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTES": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
|
|
"ADD_ATTRIBUTE": "ALLOW_OWNER",
|
|
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
|
|
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
|
|
"OBTAIN_LEASE": "ALLOW_OWNER",
|
|
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
|
|
"ACTIVATE": "ALLOW_OWNER",
|
|
"REVOKE": "ALLOW_OWNER",
|
|
"DESTROY": "ALLOW_OWNER",
|
|
"ARCHIVE": "ALLOW_OWNER",
|
|
"RECOVER": "ALLOW_OWNER"
|
|
},
|
|
"OPAQUE_DATA": {
|
|
"REKEY": "ALLOW_OWNER",
|
|
"REKEY_KEY_PAIR": "ALLOW_OWNER",
|
|
"DERIVE_KEY": "ALLOW_OWNER",
|
|
"LOCATE": "ALLOW_OWNER",
|
|
"CHECK": "ALLOW_OWNER",
|
|
"GET": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTES": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
|
|
"ADD_ATTRIBUTE": "ALLOW_OWNER",
|
|
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
|
|
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
|
|
"OBTAIN_LEASE": "ALLOW_OWNER",
|
|
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
|
|
"ACTIVATE": "ALLOW_OWNER",
|
|
"REVOKE": "ALLOW_OWNER",
|
|
"DESTROY": "ALLOW_OWNER",
|
|
"ARCHIVE": "ALLOW_OWNER",
|
|
"RECOVER": "ALLOW_OWNER"
|
|
},
|
|
"PGP_KEY": {
|
|
"REKEY": "ALLOW_OWNER",
|
|
"REKEY_KEY_PAIR": "ALLOW_OWNER",
|
|
"DERIVE_KEY": "ALLOW_OWNER",
|
|
"LOCATE": "ALLOW_OWNER",
|
|
"CHECK": "ALLOW_OWNER",
|
|
"GET": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTES": "ALLOW_OWNER",
|
|
"GET_ATTRIBUTE_LIST": "ALLOW_OWNER",
|
|
"ADD_ATTRIBUTE": "ALLOW_OWNER",
|
|
"MODIFY_ATTRIBUTE": "ALLOW_OWNER",
|
|
"DELETE_ATTRIBUTE": "ALLOW_OWNER",
|
|
"OBTAIN_LEASE": "ALLOW_OWNER",
|
|
"GET_USAGE_ALLOCATION": "ALLOW_OWNER",
|
|
"ACTIVATE": "ALLOW_OWNER",
|
|
"REVOKE": "ALLOW_OWNER",
|
|
"DESTROY": "ALLOW_OWNER",
|
|
"ARCHIVE": "ALLOW_OWNER",
|
|
"RECOVER": "ALLOW_OWNER"
|
|
}
|
|
}
|
|
}
|
|
}
|