Access Control Lists (Permissions)
Note
|
This page is marked as "earlydoc", which means that it more of a collection of notes and an early draft before this page turns into good documentation later on. It is hoped that this early form of documentation is useful to you, but please understand that most documentation pages are higher quality than this. If you have suggestions or comments, please do get in contact or consider contributing your suggestions to the OliveTin documentation. |
You can control access to actions within OliveTin on a per-user basis, using Access Control Lists (ACL).
An action always starts with defaultPermissions
(see below), and then then have one or more ACLs applied to it. This means that you can for example have an action that is only available to a certain group of users, or only to a single user.
Let’s say you have a user james
and a usergroup admins
. You can then create an ACL that only allows james
and users in the admins
group to view and execute an action.
You can specify default permissions for all actions by changing the defaultPermissions
like this;
config.yaml
defaultPermissions:
view: false
exec: false
logs: true
In the example above, all users will start off with the permissions to only see action logs - but will not be able to view or execute actions.
It is then possible to add an "admins" ACL on top of every action. In the example below, we define one extra ACL called "admins", which matches any users with the usergroup also called "admins". This ACL will then be applied to all actions, and will allow users in the "admins" usergroup to view and execute the action.
config.yaml
defaultPermissions:
view: false
exec: false
accessControlLists:
- name: admins
matchUsergroups:
- admins
permissions:
view: true
exec: true
actions:
- title: Shutdown Reactor
acls:
- admins
ACL Matching - usernames and usergroups.
You can match users based on their usergroup which is the most common, but it is also possible to match based on the user’s username.
config.yaml
accessControlLists:
- name: admins
matchUsergroups:
- admins
permissions:
view: true
exec: true
- name: james
matchUserNames:
- james
permissions:
view: true
exec: true
Add an ACL to every action
Sometimes you want to define an ACL that applies to all actions. It can be tedious and error prone to manually add the ACL under the "acls" list for every action, if you have several actions. Instead, there is a shortcut to add an ACL to all actions - addToEveryAction: true
.
config.yaml
accessControlLists:
- name: admins
matchUsergroups:
- admins
permissions:
view: true
exec: true
addToEveryAction: true