Updated rights so that each GENI AM call has a specific right associated with it.
[sfa.git] / sfa / trust / rights.py
index 4ecabb9..3c12df4 100644 (file)
 # privilege_table is a list of priviliges and what operations are allowed
 # per privilege.
 
-privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "getcredential", "*"],
+privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "listresources", "getcredential", "*"],
                    "refresh": ["remove", "update"],
-                   "resolve": ["resolve", "list", "getcredential", "listresources", "getversion"],
-                   "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "deleteslice", "updateslice", 
-                          "getsliceresources", "getticket", "loanresources", "stopslice", "startslice", 
-                          "deleteslice", "resetslice", "listslices", "listnodes", "getpolicy", "createsliver"],
-                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver",  "deleteslice", "updateslice", "getsliceresources"],
+                   "resolve": ["resolve", "list", "listresources", "getcredential", "getversion"],
+                   "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "deleteslice", "deletesliver", "updateslice",  
+                          "getsliceresources", "getticket", "loanresources", "stopslice", "startslice", "renewsliver",
+                          "deleteslice", "deletesliver", "resetslice", "listslices", "listnodes", "getpolicy", "sliverstatus"],
+                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver",  "deleteslice", "deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
                    "bind": ["getticket", "loanresources", "redeemticket"],
-                   "control": ["updateslice", "createslice", "createsliver", "stopslice", "startslice", "deleteslice", "resetslice", "getsliceresources", "getgids"],
-                   "info": ["listslices", "listnodes", "getpolicy"],
+                   "control": ["updateslice", "createslice", "createsliver", "sliverstatus", "stopslice", "startslice", "deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
+                   "info": ["listslices", "listnodes", "getpolicy","listresources"],
                    "ma": ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
                    "operator": ["gettrustedcerts", "getgids"]}
 
 
+
 ##
 # Determine tje rights that an object should have. The rights are entirely
 # dependent on the type of the object. For example, users automatically
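Review bot: The new GENI operations are spread unevenly across the entries of `privilege_table`: `shutdown` is granted only under `embed`, `renewsliver` only under `sa`, and `control` receives neither. The later hunks show `embed` being given to `slice`-type objects, so a slice credential would carry `shutdown` while an `sa` would reach it only through whatever the `*` entry under `authority` permits. If that split is intended, a comment above the table recording which privilege carries each AM call would make it auditable, e.g. `# shutdown: embed only; renewsliver: sa only`. The `sa` list also repeats `getticket`, `deleteslice` and `deletesliver`; this is presumably harmless for a membership test, but it makes the table harder to check against the API.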
@@ -52,11 +53,15 @@ def determine_rights(type, name):
         rl.add("resolve")
         rl.add("info")
     elif type == "sa":
-        rl.add("authority,sa")
+        rl.add("authority")
+        rl.add("sa")
     elif type == "ma":
-        rl.add("authority,ma")
+        rl.add("authority")
+        rl.add("ma")
     elif type == "authority":
-        rl.add("authority,sa,ma")
+        rl.add("authority")
+        rl.add("sa")
+        rl.add("ma")
     elif type == "slice":
         rl.add("refresh")
         rl.add("embed")
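Review bot: The type-to-rights mapping is written out twice, here in `determine_rights` and again in the `RightList` method patched in the next hunk, and this commit had to apply the same change to both copies by hand. In authorization code, a copy that drifts silently grants or withholds a right, so a single module-level table consulted from both places would be safer, e.g. `for right in TYPE_RIGHTS.get(type, ()): rl.add(right)`. It is also worth confirming that no stored or delegated credential still carries the old combined strings such as `"authority,sa"`, since how `rl.add` treats a comma-separated value is not visible here. The enclosing if/elif chain starts and ends outside both hunks.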
@@ -259,11 +264,15 @@ class RightList:
             rl.add("resolve")
             rl.add("info")
         elif type == "sa":
-            rl.add("authority,sa")
+            rl.add("authority")
+            rl.add("sa")
         elif type == "ma":
-            rl.add("authority,ma")
+            rl.add("authority")
+            rl.add("ma")
         elif type == "authority":
-            rl.add("authority,sa,ma")
+            rl.add("authority")
+            rl.add("sa")
+            rl.add("ma")
         elif type == "slice":
             rl.add("refresh")
             rl.add("embed")