# privilege_table is a list of priviliges and what operations are allowed
# per privilege.
-privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "getcredential"],
+privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "getcredential", "*"],
"refresh": ["remove", "update"],
"resolve": ["resolve", "list", "getcredential"],
- "sa": ["getticket", "redeemslice", "createslice", "deleteslice", "updateslice",
+ "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "deleteslice", "updateslice",
"getsliceresources", "getticket", "loanresources", "stopslice", "startslice",
"deleteslice", "resetslice", "listslices", "listnodes", "getpolicy"],
- "embed": ["getticket", "redeemslice", "createslice", "deleteslice", "updateslice", "getsliceresources"],
- "bind": ["getticket", "loanresources"],
- "control": ["updateslice", "createslice", "stopslice", "startslice", "deleteslice", "resetslice", "getsliceresources"],
+ "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "deleteslice", "updateslice", "getsliceresources"],
+ "bind": ["getticket", "loanresources", "redeemticket"],
+ "control": ["updateslice", "createslice", "stopslice", "startslice", "deleteslice", "resetslice", "getsliceresources", "getgids"],
"info": ["listslices", "listnodes", "getpolicy"],
- "ma": ["setbootstate", "getbootstate", "reboot"]}
+ "ma": ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
+ "operator": ["gettrustedcerts", ""]}
##
git://git.onelab.eu / sfa.git / blobdiff