...
DuraCloud leverages Spring's mechanism for wiring AuthN/Z into an application across servlet url patterns.
The following access rules are placed across the durastore and duraservice REST-APIs:
| Panel |
|---|
| title | Store Initialization REST Methods - Common across all applications |
|---|
|
Action | Role |
|---|
Is Initialized | ROLE_ANONYMOUS |
|---|
Initialize Stores | ROLE_ROOT | Initialize Security Users | ROLE_ROOT |
|
| Panel |
|---|
| title | DuraStore REST Methods |
|---|
|
Action | Role |
|---|
Get Stores | ROLE_USER | Get Spaces | ROLE_ANONYMOUS if space 'open'ACL allows public read, else ROLE_USER | Get Space | ROLE_ANONYMOUS if space 'open'ACL allows public read, else ROLE_USER | Get Space Properties | ROLE_ANONYMOUS if space ACL allows public read, else ROLE_USER | Get Space ACLs | ROLE_ANONYMOUS if space 'open'ACL allows public read, else ROLE_USER | Create Space | ROLE_USERADMIN | Set Space Properties | ROLE_USER | Set Space ALCs | ROLE_ADMIN | Delete Space | ROLE_USERADMIN | Get Content | ROLE_ANONYMOUS if space 'open'ACL allows public read, else ROLE_USER | Get Content Properties | ROLE_ANONYMOUS if space 'open'ACL allows public read, else ROLE_USER | Store Content | ROLE_USER | Copy Content | ROLE_USER | Set Content Properties | ROLE_USER | Delete Content | ROLE_USER | Get Tasks | ROLE_ADMIN | Perform Task | ROLE_ADMIN |
|
| Panel |
|---|
| title | Service DuraService REST Methods |
|---|
|
Action | Role |
|---|
Initialize Services | ROLE_ROOT | Initialize Security Users | ROLE_ROOT | Get Services | ROLE_USER | Get Service | ROLE_USER | Get Deployed Service | ROLE_USER | Get Deployed Service Properties | ROLE_USER | Deploy Service | ROLE_USER | Update Service Configuration | ROLE_USER | UnDeploy Service | ROLE_USER |
|
| Panel |
|---|
| title | DuraBoss REST Methods |
|---|
|
Action | Role |
|---|
Initialize DuraBoss Application | ROLE_ROOT | Initialize Security Users | ROLE_ROOT |
|---|
Get Latest Storage Report | ROLE_ADMIN | Get Storage Report List | ROLE_ADMIN | Get Storage Report | ROLE_ADMIN | Get Storage Report Info | ROLE_ADMIN | Start Storage Report | ROLE_ADMIN | Cancel Storage Report | ROLE_ADMIN | Schedule Storage Report | ROLE_ADMIN | Cancel Storage Report Schedule | ROLE_ADMIN | Get Deployed Services Report | ROLE_ADMIN | Get Completed Services Report | ROLE_ADMIN | Get Completed Services Report List | ROLE_ADMIN | Get Services Report | ROLE_ADMIN | Get Executor Status | ROLE_ADMIN | Get Supported Executor Actions | ROLE_ADMIN | Perform an Executor Action | ROLE_ADMIN | Shutdown Executor | ROLE_ADMIN | Create Initial Audit Log | ROLE_ADMIN | Get Audit Logs | ROLE_ADMIN | Shutdown Auditor | ROLE_ADMIN | Get Content Manifest | ROLE_ADMIN |
|
| Panel |
|---|
| title | Administrative UI REST Methods |
|---|
|
Action | Role |
|---|
Initialize DurAdmin Application | ROLE_ROOT | Initialize Security Users | ROLE_ROOT |
|
Roles
The fixed set of users/roles listed below are provided in DuraCloud. Each role in the list below represents a super set of the privileges of those above it.
...