Ruoli
Roles are privileges which can be assigned to identities.
All Roles are either privileges scoped to a context or to an identity. Each service can define their own roles and scopes.
Ruoli con ambito identity
Identity scoped roles are roles assigned to identities which give actions over itself or other identities.
For example,
- assigning a password to an identity is a privilege. Not every user of an identity will have this privilege.
- generating a api-key for an identity is a privilege. Not every user of an identity will have this privilege.
Esempi di ruoli
Ruoli con ambito context
Context scoped roles are roles assigned to identities which give action over resources in a context.
For example,
- update/deploy rss2email integration via the flows service
- container deployments
- access logs and metrics
Esempi di ruoli
- “https://dtz.rocks/context/admin/{context_id}"
- “https://dtz.rocks/flows/admin/{context_id}"
- “https://dtz.rocks/containers/admin/{context_id}"
- “https://dtz.rocks/observability/admin/{context_id}"
Ruoli Context disponibili
| ID | Nome | Ambito |
|---|---|---|
| role-bfd584a9 | amministratore objectstore | https://dtz.rocks/objectstore/admin/{context_id} |
| role-6bd059b1 | amministratore containerregistry | https://dtz.rocks/containerregistry/admin/{context_id} |
| role-bb6d04d9 | amministratore rss2email | https://dtz.rocks/rss2email/admin/{context_id} |
| role-e7e4c3b3 | amministratore contesto | https://dtz.rocks/context/admin/{context_id} |
| role-bc43f2da | amministratore containers | https://dtz.rocks/containers/admin/{context_id} |
| role-f880b4a8 | amministratore osservabilità | https://dtz.rocks/observability/admin/{context_id} |
Ruoli Identity disponibili
| ID | Nome | Ambito |
|---|---|---|
| role-e5832d4c | amministratore fatturazione | https://dtz.rocks/billing/admin/{identity_id} |
| role-ceb9417c | amministratore identità | https://dtz.rocks/identity/admin/{identity_id} |
| role-5001d9c9 | assumere identità | https://dtz.rocks/identity/assume/{identity_id} |