diff --git a/_private/configmaps/stage/rbac-config.yml b/_private/configmaps/stage/rbac-config.yml
index e78881e7..99014625 100644
--- a/_private/configmaps/stage/rbac-config.yml
+++ b/_private/configmaps/stage/rbac-config.yml
@@ -954,6 +954,458 @@ objects: } ] } + rhel.json: | + { + "roles": [ + { + "name": "RHEL viewer", + "display_name": "RHEL viewer", + "description": "Grants read-only access to RHEL Insights. Users can view system configs, compliance reports, inventory data, patch info, vulnerabilities and more to observe the state of resources/activities, but can’t perform actions other than generating activation keys.", + "system": true, + "platform_default": false, + "admin_default": false, + "version": 1, + "access": [ + { + "permission": "advisor:*:read" + }, + { + "permission": "compliance:policy:read" + }, + { + "permission": "compliance:report:read" + }, + { + "permission": "compliance:system:read" + }, + { + "permission": "config-manager:activation_keys:read" + }, + { + "permission": "config-manager:activation_keys:write" + }, + { + "permission": "config-manager:state:read" + }, + { + "permission": "config-manager:state-changes:read" + }, + { + "permission": "content-sources:repositories:read" + }, + { + "permission": "content-sources:templates:read" + }, + { + "permission": "integrations:endpoints:read" + }, + { + "permission": "inventory:hosts:read" + }, + { + "permission": "inventory:groups:read" + }, + { + "permission": "malware-detection:*:read" + }, + { + "permission": "notifications:notifications:read" + }, + { + "permission": "notifications:events:read" + }, + { + "permission": "patch:*:read" + }, + { + "permission": "playbook-dispatcher:run:read", + "resourceDefinitions": [ + { + "attributeFilter": { + "key": "service", + "operation": "equal", + "value": "remediations" + } + } + ] + }, + { + "permission": "policies:policies:read" + }, + { + "permission": "remediations:remediation:read" + }, + { + "permission": "ros:*:read" + }, + { + "permission": "staleness:staleness:read" + }, + { + "permission": "vulnerability:vulnerability_results:read" + }, + { + "permission": "vulnerability:system.opt_out:read" + }, + { + "permission": "vulnerability:report_and_export:read" + 
}, + { + "permission": "vulnerability:advanced_report:read" + }, + { + "permission": "vulnerability:*:read" + } + ] + }, + { + "name": "RHEL operator", + "display_name": "RHEL operator", + "description": "Grants edit access to system configs, inventory, policies, and notifications/integrations. View compliance reports, patch info, malware detections, and recommendations. Initiate remediations, manage staleness data and modify vulnerability settings.", + "system": true, + "platform_default": false, + "admin_default": false, + "version": 1, + "access": [ + { + "permission": "advisor:*:*" + }, + { + "permission": "compliance:policy:read" + }, + { + "permission": "compliance:policy:update" + }, + { + "permission": "compliance:policy:write" + }, + { + "permission": "compliance:report:read" + }, + { + "permission": "compliance:system:read" + }, + { + "permission": "config-manager:activation_keys:read" + }, + { + "permission": "config-manager:activation_keys:write" + }, + { + "permission": "config-manager:state:read" + }, + { + "permission": "config-manager:state-changes:read" + }, + { + "permission": "content-sources:repositories:read" + }, + { + "permission": "content-sources:templates:read" + }, + { + "permission": "integrations:*:*" + }, + { + "permission": "inventory:hosts:read" + }, + { + "permission": "inventory:groups:read" + }, + { + "permission": "inventory:hosts:write" + }, + { + "permission": "inventory:groups:write" + }, + { + "permission": "malware-detection:*:read" + }, + { + "permission": "malware-detection:user_acknowledgement:write" + }, + { + "permission": "notifications:notifications:read" + }, + { + "permission": "notifications:events:read" + }, + { + "permission": "notifications:notifications:write" + }, + { + "permission": "patch:*:*" + }, + { + "permission": "patch:system:write" + }, + { + "permission": "patch:template:write" + }, + { + "permission": "playbook-dispatcher:run:read", + "resourceDefinitions": [ + { + "attributeFilter": { + "key": 
"service", + "operation": "equal", + "value": "remediations" + } + } + ] + }, + { + "permission": "policies:policies:read" + }, + { + "permission": "policies:policies:write" + }, + { + "permission": "remediations:remediation:read" + }, + { + "permission": "remediations:remediation:write" + }, + { + "permission": "remediations:*:read" + }, + { + "permission": "remediations:*:write" + }, + { + "permission": "ros:*:read" + }, + { + "sources": "sources:*:*" + }, + { + "permission": "staleness:staleness:read" + }, + { + "permission": "staleness:staleness:write" + }, + { + "permission": "vulnerability:vulnerability_results:read" + }, + { + "permission": "vulnerability:system.opt_out:read" + }, + { + "permission": "vulnerability:report_and_export:read" + }, + { + "permission": "vulnerability:advanced_report:read" + }, + { + "permission": "vulnerability:*:read" + }, + { + "permission": "vulnerability:cve.business_risk_and_status:write" + }, + { + "permission": "vulnerability:system.opt_out:write" + } + ] + }, + { + "name": "RHEL admin", + "display_name": "RHEL admin", + "description": "Grants full access to RHEL system configs, inventory, compliance, notifications, patch management, remediations, malware detection, and advisor. 
View/modify vulnerability settings.", + "system": true, + "platform_default": false, + "admin_default": false, + "version": 1, + "access": [ + { + "permission": "advisor:*:*" + }, + { + "permission": "compliance:policy:read" + }, + { + "permission": "compliance:policy:update" + }, + { + "permission": "compliance:policy:write" + }, + { + "permission": "compliance:policy:create" + }, + { + "permission": "compliance:policy:delete" + }, + { + "permission": "compliance:report:read" + }, + { + "permission": "compliance:system:read" + }, + { + "permission": "compliance:*:*" + }, + { + "permission": "config-manager:activation_keys:read" + }, + { + "permission": "config-manager:activation_keys:write" + }, + { + "permission": "config-manager:state:read" + }, + { + "permission": "config-manager:state:write" + }, + { + "permission": "config-manager:state-changes:read" + }, + { + "permission": "content-sources:repositories:read" + }, + { + "permission": "content-sources:templates:read" + }, + { + "permission": "content-sources:repositories:write" + }, + { + "permission": "content-sources:templates:write" + }, + { + "permission": "content-sources:repositories:upload" + }, + { + "permission": "integrations:*:*" + }, + { + "permission": "inventory:hosts:read" + }, + { + "permission": "inventory:groups:read" + }, + { + "permission": "inventory:hosts:write" + }, + { + "permission": "inventory:groups:write" + }, + { + "permission": "inventory:*:*" + }, + { + "permission": "malware-detection:*:read" + }, + { + "permission": "malware-detection:*:*" + }, + { + "permission": "malware-detection:user_acknowledgement:write" + }, + { + "permission": "notifications:notifications:read" + }, + { + "permission": "notifications:events:read" + }, + { + "permission": "notifications:notifications:write" + }, + { + "permission": "patch:*:*" + }, + { + "permission": "patch:system:write" + }, + { + "permission": "patch:template:write" + }, + { + "permission": "playbook-dispatcher:run:read", + 
"resourceDefinitions": [ + { + "attributeFilter": { + "key": "service", + "operation": "equal", + "value": "remediations" + } + } + ] + }, + { + "permission": "policies:policies:read" + }, + { + "permission": "policies:policies:write" + }, + { + "permission": "remediations:remediation:read" + }, + { + "permission": "remediations:remediation:write" + }, + { + "permission": "remediations:remediation:execute" + }, + { + "permission": "remediations:*:read" + }, + { + "permission": "remediations:*:write" + }, + { + "permission": "remediations:*:*" + }, + { + "permission": "ros:*:read" + }, + { + "permission": "ros:*:*" + }, + { + "sources": "sources:*:*" + }, + { + "permission": "staleness:staleness:read" + }, + { + "permission": "staleness:staleness:write" + }, + { + "permission": "tasks:*:*" + }, + { + "permission": "vulnerability:vulnerability_results:read" + }, + { + "permission": "vulnerability:system.opt_out:read" + }, + { + "permission": "vulnerability:report_and_export:read" + }, + { + "permission": "vulnerability:advanced_report:read" + }, + { + "permission": "vulnerability:*:read" + }, + { + "permission": "vulnerability:cve.business_risk_and_status:write" + }, + { + "permission": "vulnerability:system.opt_out:write" + }, + { + "permission": "vulnerability:*:*" + }, + { + "permission": "vulnerability:system.cve.status:write" + }, + { + "permission": "vulnerability:toggle_cves_without_errata:write" + } + ] + } + ] + } ros.json: | { "roles": [ diff --git a/configs/prod/schemas/schema.zed b/configs/prod/schemas/schema.zed index 7c10d577..181f7dd2 100644 --- a/configs/prod/schemas/schema.zed +++ b/configs/prod/schemas/schema.zed 
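Review bot: Two access entries in the new `rhel.json` use the key `sources` instead of `permission`: `{ "sources": "sources:*:*" }` appears in both the "RHEL operator" and the "RHEL admin" access lists, while every other entry has the form `{ "permission": "…" }`. Depending on how the role seeder treats an entry without a `permission` key, this either fails the load or silently drops the grant; the entry should read `"permission": "sources:*:*"`. Once corrected, it gives the operator role full access to sources, which its description does not mention. The same role also carries `advisor:*:*` and `patch:*:*`, although the description promises only viewing of patch info and recommendations, so either the wildcards or the description should be brought into line. Wildcard grants on a `"system": true` role also widen automatically whenever an application adds a verb, so explicit verbs are the safer choice for the viewer and operator roles.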
@@ -112,36 +112,34 @@ definition rbac/role { permission notifications_integration_delete = notifications_integrations_write + notifications_integrations_all + notifications_all_write + notifications_all_all + all_all_all + t_child->notifications_integration_delete permission notifications_integration_disable = notifications_integrations_write + notifications_integrations_all + notifications_all_write + notifications_all_all + all_all_all + t_child->notifications_integration_disable permission notifications_integration_enable = notifications_integrations_write + notifications_integrations_all + notifications_all_write + notifications_all_all + all_all_all + t_child->notifications_integration_enable - permission advisor_disable_recommendations_write = t_advisor_disable_recommendations_write - relation t_advisor_disable_recommendations_write: rbac/principal:* - permission advisor_weekly_email_read = t_advisor_weekly_email_read - relation t_advisor_weekly_email_read: rbac/principal:* - permission advisor_recommendation_results_read = t_advisor_recommendation_results_read - relation t_advisor_recommendation_results_read: rbac/principal:* - permission advisor_exports_read = t_advisor_exports_read - relation t_advisor_exports_read: rbac/principal:* permission advisor_all_read = t_advisor_all_read relation t_advisor_all_read: rbac/principal:* permission advisor_all_all = t_advisor_all_all relation t_advisor_all_all: rbac/principal:* + permission advisor_disable_recommendations_write = t_advisor_disable_recommendations_write + relation t_advisor_disable_recommendations_write: rbac/principal:* + permission advisor_exports_read = t_advisor_exports_read + relation t_advisor_exports_read: rbac/principal:* + permission advisor_recommendation_results_read = t_advisor_recommendation_results_read + relation t_advisor_recommendation_results_read: rbac/principal:* + permission advisor_weekly_email_read = t_advisor_weekly_email_read + relation t_advisor_weekly_email_read: 
rbac/principal:* + permission ansible_wisdom_admin_dashboard_chart_active_users_read = t_ansible_wisdom_admin_dashboard_chart_active_users_read + relation t_ansible_wisdom_admin_dashboard_chart_active_users_read: rbac/principal:* + permission ansible_wisdom_admin_dashboard_chart_module_usage_read = t_ansible_wisdom_admin_dashboard_chart_module_usage_read + relation t_ansible_wisdom_admin_dashboard_chart_module_usage_read: rbac/principal:* permission ansible_wisdom_admin_dashboard_chart_recommendations_read = t_ansible_wisdom_admin_dashboard_chart_recommendations_read relation t_ansible_wisdom_admin_dashboard_chart_recommendations_read: rbac/principal:* permission ansible_wisdom_admin_dashboard_chart_user_sentiment_read = t_ansible_wisdom_admin_dashboard_chart_user_sentiment_read relation t_ansible_wisdom_admin_dashboard_chart_user_sentiment_read: rbac/principal:* - permission ansible_wisdom_admin_dashboard_chart_module_usage_read = t_ansible_wisdom_admin_dashboard_chart_module_usage_read - relation t_ansible_wisdom_admin_dashboard_chart_module_usage_read: rbac/principal:* - permission ansible_wisdom_admin_dashboard_chart_active_users_read = t_ansible_wisdom_admin_dashboard_chart_active_users_read - relation t_ansible_wisdom_admin_dashboard_chart_active_users_read: rbac/principal:* permission automation_analytics_all_read = t_automation_analytics_all_read relation t_automation_analytics_all_read: rbac/principal:* permission automation_analytics_all_write = t_automation_analytics_all_write relation t_automation_analytics_all_write: rbac/principal:* permission automation_analytics_all_all = t_automation_analytics_all_all relation t_automation_analytics_all_all: rbac/principal:* - permission compliance_report_read = t_compliance_report_read - relation t_compliance_report_read: rbac/principal:* - permission compliance_report_delete = t_compliance_report_delete - relation t_compliance_report_delete: rbac/principal:* + permission compliance_all_all = t_compliance_all_all 
+ relation t_compliance_all_all: rbac/principal:* permission compliance_policy_read = t_compliance_policy_read relation t_compliance_policy_read: rbac/principal:* permission compliance_policy_create = t_compliance_policy_create @@ -152,8 +150,10 @@ definition rbac/role { relation t_compliance_policy_delete: rbac/principal:* permission compliance_policy_write = t_compliance_policy_write relation t_compliance_policy_write: rbac/principal:* - permission compliance_all_all = t_compliance_all_all - relation t_compliance_all_all: rbac/principal:* + permission compliance_report_read = t_compliance_report_read + relation t_compliance_report_read: rbac/principal:* + permission compliance_report_delete = t_compliance_report_delete + relation t_compliance_report_delete: rbac/principal:* permission compliance_system_read = t_compliance_system_read relation t_compliance_system_read: rbac/principal:* permission config_manager_activation_keys_read = t_config_manager_activation_keys_read @@ -168,6 +168,8 @@ definition rbac/role { relation t_config_manager_state_write: rbac/principal:* permission config_manager_state_changes_read = t_config_manager_state_changes_read relation t_config_manager_state_changes_read: rbac/principal:* + permission content_sources_all_all = t_content_sources_all_all + relation t_content_sources_all_all: rbac/principal:* permission content_sources_repositories_read = t_content_sources_repositories_read relation t_content_sources_repositories_read: rbac/principal:* permission content_sources_repositories_write = t_content_sources_repositories_write 
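Review bot: The re-sorted permission list in `definition rbac/role` has no consistent verb order inside a resource group, so the next edit is likely to churn these lines again. `advisor_all_read` precedes `advisor_all_all` and the added `vulnerability_all_read`/`vulnerability_all_write` precede `vulnerability_all_all`, but `malware_detection_all_all` and `remediations_all_all` come first in their groups, and `vulnerability_system_opt_out_write` sits before its `_read` counterpart. A one-line comment at the top of the block stating the rule, for example `// permissions sorted by application, then resource, then verb (read, write, all)`, together with a sort that matches it, would keep future authorization diffs reviewable line by line. In the hunks shown every removed permission/relation pair reappears as an added pair, so no grant appears to be dropped, and the same ordering is carried into `configs/stage/schemas/schema.zed`. The definition opens before this hunk and closes in a later one.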
@@ -178,12 +180,26 @@ definition rbac/role { relation t_content_sources_templates_read: rbac/principal:* permission content_sources_templates_write = t_content_sources_templates_write relation t_content_sources_templates_write: rbac/principal:* - permission content_sources_all_all = t_content_sources_all_all - relation t_content_sources_all_all: rbac/principal:* + permission cost_management_all_all = t_cost_management_all_all + relation t_cost_management_all_all: rbac/principal:* permission cost_management_aws_account_all = t_cost_management_aws_account_all relation t_cost_management_aws_account_all: rbac/principal:* permission cost_management_aws_account_read = t_cost_management_aws_account_read relation t_cost_management_aws_account_read: rbac/principal:* + permission cost_management_aws_organizational_unit_all = t_cost_management_aws_organizational_unit_all + relation t_cost_management_aws_organizational_unit_all: rbac/principal:* + permission cost_management_aws_organizational_unit_read = t_cost_management_aws_organizational_unit_read + relation t_cost_management_aws_organizational_unit_read: rbac/principal:* + permission cost_management_azure_subscription_guid_all = t_cost_management_azure_subscription_guid_all + relation t_cost_management_azure_subscription_guid_all: rbac/principal:* + permission cost_management_azure_subscription_guid_read = t_cost_management_azure_subscription_guid_read + relation t_cost_management_azure_subscription_guid_read: rbac/principal:* + permission cost_management_cost_model_all = t_cost_management_cost_model_all + relation t_cost_management_cost_model_all: rbac/principal:* + permission cost_management_cost_model_read = t_cost_management_cost_model_read + relation t_cost_management_cost_model_read: rbac/principal:* + permission cost_management_cost_model_write = t_cost_management_cost_model_write + relation t_cost_management_cost_model_write: rbac/principal:* permission cost_management_gcp_account_all = 
t_cost_management_gcp_account_all relation t_cost_management_gcp_account_all: rbac/principal:* permission cost_management_gcp_account_read = t_cost_management_gcp_account_read 
@@ -192,28 +208,14 @@ definition rbac/role { relation t_cost_management_gcp_project_all: rbac/principal:* permission cost_management_gcp_project_read = t_cost_management_gcp_project_read relation t_cost_management_gcp_project_read: rbac/principal:* - permission cost_management_openshift_cluster_all = t_cost_management_openshift_cluster_all - relation t_cost_management_openshift_cluster_all: rbac/principal:* - permission cost_management_openshift_cluster_read = t_cost_management_openshift_cluster_read - relation t_cost_management_openshift_cluster_read: rbac/principal:* permission cost_management_oci_payer_tenant_id_all = t_cost_management_oci_payer_tenant_id_all relation t_cost_management_oci_payer_tenant_id_all: rbac/principal:* permission cost_management_oci_payer_tenant_id_read = t_cost_management_oci_payer_tenant_id_read relation t_cost_management_oci_payer_tenant_id_read: rbac/principal:* - permission cost_management_settings_all = t_cost_management_settings_all - relation t_cost_management_settings_all: rbac/principal:* - permission cost_management_settings_read = t_cost_management_settings_read - relation t_cost_management_settings_read: rbac/principal:* - permission cost_management_settings_write = t_cost_management_settings_write - relation t_cost_management_settings_write: rbac/principal:* - permission cost_management_aws_organizational_unit_all = t_cost_management_aws_organizational_unit_all - relation t_cost_management_aws_organizational_unit_all: rbac/principal:* - permission cost_management_aws_organizational_unit_read = t_cost_management_aws_organizational_unit_read - relation t_cost_management_aws_organizational_unit_read: rbac/principal:* - permission cost_management_azure_subscription_guid_all = t_cost_management_azure_subscription_guid_all - relation t_cost_management_azure_subscription_guid_all: rbac/principal:* - permission cost_management_azure_subscription_guid_read = t_cost_management_azure_subscription_guid_read - relation 
t_cost_management_azure_subscription_guid_read: rbac/principal:* + permission cost_management_openshift_cluster_all = t_cost_management_openshift_cluster_all + relation t_cost_management_openshift_cluster_all: rbac/principal:* + permission cost_management_openshift_cluster_read = t_cost_management_openshift_cluster_read + relation t_cost_management_openshift_cluster_read: rbac/principal:* permission cost_management_openshift_node_all = t_cost_management_openshift_node_all relation t_cost_management_openshift_node_all: rbac/principal:* permission cost_management_openshift_node_read = t_cost_management_openshift_node_read 
@@ -222,20 +224,16 @@ definition rbac/role { relation t_cost_management_openshift_project_all: rbac/principal:* permission cost_management_openshift_project_read = t_cost_management_openshift_project_read relation t_cost_management_openshift_project_read: rbac/principal:* - permission cost_management_cost_model_all = t_cost_management_cost_model_all - relation t_cost_management_cost_model_all: rbac/principal:* - permission cost_management_cost_model_read = t_cost_management_cost_model_read - relation t_cost_management_cost_model_read: rbac/principal:* - permission cost_management_cost_model_write = t_cost_management_cost_model_write - relation t_cost_management_cost_model_write: rbac/principal:* - permission cost_management_all_all = t_cost_management_all_all - relation t_cost_management_all_all: rbac/principal:* + permission cost_management_settings_all = t_cost_management_settings_all + relation t_cost_management_settings_all: rbac/principal:* + permission cost_management_settings_read = t_cost_management_settings_read + relation t_cost_management_settings_read: rbac/principal:* + permission cost_management_settings_write = t_cost_management_settings_write + relation t_cost_management_settings_write: rbac/principal:* permission hybrid_committed_spend_reports_read = t_hybrid_committed_spend_reports_read relation t_hybrid_committed_spend_reports_read: rbac/principal:* permission idmsvc_all_all = t_idmsvc_all_all relation t_idmsvc_all_all: rbac/principal:* - permission idmsvc_token_create = t_idmsvc_token_create - relation t_idmsvc_token_create: rbac/principal:* permission idmsvc_domains_list = t_idmsvc_domains_list relation t_idmsvc_domains_list: rbac/principal:* permission idmsvc_domains_read = t_idmsvc_domains_read 
@@ -246,44 +244,44 @@ definition rbac/role { relation t_idmsvc_domains_update: rbac/principal:* permission idmsvc_domains_delete = t_idmsvc_domains_delete relation t_idmsvc_domains_delete: rbac/principal:* + permission idmsvc_token_create = t_idmsvc_token_create + relation t_idmsvc_token_create: rbac/principal:* + permission integrations_all_all = t_integrations_all_all + relation t_integrations_all_all: rbac/principal:* permission integrations_endpoints_read = t_integrations_endpoints_read relation t_integrations_endpoints_read: rbac/principal:* permission integrations_endpoints_write = t_integrations_endpoints_write relation t_integrations_endpoints_write: rbac/principal:* - permission integrations_all_all = t_integrations_all_all - relation t_integrations_all_all: rbac/principal:* permission inventory_all_read = t_inventory_all_read relation t_inventory_all_read: rbac/principal:* permission inventory_all_all = t_inventory_all_all relation t_inventory_all_all: rbac/principal:* - permission inventory_hosts_read = t_inventory_hosts_read - relation t_inventory_hosts_read: rbac/principal:* - permission inventory_hosts_write = t_inventory_hosts_write - relation t_inventory_hosts_write: rbac/principal:* - permission inventory_hosts_all = t_inventory_hosts_all - relation t_inventory_hosts_all: rbac/principal:* permission inventory_groups_read = t_inventory_groups_read relation t_inventory_groups_read: rbac/principal:* permission inventory_groups_write = t_inventory_groups_write relation t_inventory_groups_write: rbac/principal:* permission inventory_groups_all = t_inventory_groups_all relation t_inventory_groups_all: rbac/principal:* + permission inventory_hosts_read = t_inventory_hosts_read + relation t_inventory_hosts_read: rbac/principal:* + permission inventory_hosts_write = t_inventory_hosts_write + relation t_inventory_hosts_write: rbac/principal:* + permission inventory_hosts_all = t_inventory_hosts_all + relation t_inventory_hosts_all: rbac/principal:* 
permission malware_detection_all_all = t_malware_detection_all_all relation t_malware_detection_all_all: rbac/principal:* permission malware_detection_all_read = t_malware_detection_all_read relation t_malware_detection_all_read: rbac/principal:* permission malware_detection_acknowledgements_write = t_malware_detection_acknowledgements_write relation t_malware_detection_acknowledgements_write: rbac/principal:* - permission ocp_advisor_toggle_recommendations_write = t_ocp_advisor_toggle_recommendations_write - relation t_ocp_advisor_toggle_recommendations_write: rbac/principal:* - permission ocp_advisor_recommendation_results_read = t_ocp_advisor_recommendation_results_read - relation t_ocp_advisor_recommendation_results_read: rbac/principal:* - permission ocp_advisor_exports_read = t_ocp_advisor_exports_read - relation t_ocp_advisor_exports_read: rbac/principal:* permission ocp_advisor_all_all = t_ocp_advisor_all_all relation t_ocp_advisor_all_all: rbac/principal:* - permission patch_template_write = t_patch_template_write - relation t_patch_template_write: rbac/principal:* + permission ocp_advisor_exports_read = t_ocp_advisor_exports_read + relation t_ocp_advisor_exports_read: rbac/principal:* + permission ocp_advisor_recommendation_results_read = t_ocp_advisor_recommendation_results_read + relation t_ocp_advisor_recommendation_results_read: rbac/principal:* + permission ocp_advisor_toggle_recommendations_write = t_ocp_advisor_toggle_recommendations_write + relation t_ocp_advisor_toggle_recommendations_write: rbac/principal:* permission patch_all_all = t_patch_all_all relation t_patch_all_all: rbac/principal:* permission patch_all_read = t_patch_all_read 
@@ -292,16 +290,20 @@ definition rbac/role { relation t_patch_all_write: rbac/principal:* permission patch_system_write = t_patch_system_write relation t_patch_system_write: rbac/principal:* + permission patch_template_write = t_patch_template_write + relation t_patch_template_write: rbac/principal:* permission playbook_dispatcher_run_read = t_playbook_dispatcher_run_read relation t_playbook_dispatcher_run_read: rbac/principal:* permission playbook_dispatcher_run_write = t_playbook_dispatcher_run_write relation t_playbook_dispatcher_run_write: rbac/principal:* + permission policies_all_all = t_policies_all_all + relation t_policies_all_all: rbac/principal:* permission policies_policies_read = t_policies_policies_read relation t_policies_policies_read: rbac/principal:* permission policies_policies_write = t_policies_policies_write relation t_policies_policies_write: rbac/principal:* - permission policies_all_all = t_policies_all_all - relation t_policies_all_all: rbac/principal:* + permission provisioning_all_all = t_provisioning_all_all + relation t_provisioning_all_all: rbac/principal:* permission provisioning_pubkey_all = t_provisioning_pubkey_all relation t_provisioning_pubkey_all: rbac/principal:* permission provisioning_pubkey_read = t_provisioning_pubkey_read 
@@ -332,28 +334,26 @@ definition rbac/role { relation t_provisioning_reservation_gcp_read: rbac/principal:* permission provisioning_reservation_gcp_write = t_provisioning_reservation_gcp_write relation t_provisioning_reservation_gcp_write: rbac/principal:* - permission provisioning_all_all = t_provisioning_all_all - relation t_provisioning_all_all: rbac/principal:* permission provisioning_source_all = t_provisioning_source_all relation t_provisioning_source_all: rbac/principal:* permission provisioning_source_read = t_provisioning_source_read relation t_provisioning_source_read: rbac/principal:* - permission rbac_principal_read = t_rbac_principal_read - relation t_rbac_principal_read: rbac/principal:* permission rbac_all_all = t_rbac_all_all relation t_rbac_all_all: rbac/principal:* - permission remediations_remediation_read = t_remediations_remediation_read - relation t_remediations_remediation_read: rbac/principal:* - permission remediations_remediation_write = t_remediations_remediation_write - relation t_remediations_remediation_write: rbac/principal:* - permission remediations_remediation_execute = t_remediations_remediation_execute - relation t_remediations_remediation_execute: rbac/principal:* + permission rbac_principal_read = t_rbac_principal_read + relation t_rbac_principal_read: rbac/principal:* permission remediations_all_all = t_remediations_all_all relation t_remediations_all_all: rbac/principal:* permission remediations_all_read = t_remediations_all_read relation t_remediations_all_read: rbac/principal:* permission remediations_all_write = t_remediations_all_write relation t_remediations_all_write: rbac/principal:* + permission remediations_remediation_read = t_remediations_remediation_read + relation t_remediations_remediation_read: rbac/principal:* + permission remediations_remediation_write = t_remediations_remediation_write + relation t_remediations_remediation_write: rbac/principal:* + permission remediations_remediation_execute = 
t_remediations_remediation_execute + relation t_remediations_remediation_execute: rbac/principal:* permission ros_all_all = t_ros_all_all relation t_ros_all_all: rbac/principal:* permission ros_all_read = t_ros_all_read @@ -366,18 +366,12 @@ definition rbac/role { relation t_staleness_staleness_write: rbac/principal:* permission staleness_staleness_all = t_staleness_staleness_all relation t_staleness_staleness_all: rbac/principal:* - permission subscriptions_products_read = t_subscriptions_products_read - relation t_subscriptions_products_read: rbac/principal:* - permission subscriptions_products_write = t_subscriptions_products_write - relation t_subscriptions_products_write: rbac/principal:* + permission subscriptions_all_all = t_subscriptions_all_all + relation t_subscriptions_all_all: rbac/principal:* permission subscriptions_cloud_access_read = t_subscriptions_cloud_access_read relation t_subscriptions_cloud_access_read: rbac/principal:* permission subscriptions_cloud_access_write = t_subscriptions_cloud_access_write relation t_subscriptions_cloud_access_write: rbac/principal:* - permission subscriptions_all_all = t_subscriptions_all_all - relation t_subscriptions_all_all: rbac/principal:* - permission subscriptions_reports_read = t_subscriptions_reports_read - relation t_subscriptions_reports_read: rbac/principal:* permission subscriptions_manifests_read = t_subscriptions_manifests_read relation t_subscriptions_manifests_read: rbac/principal:* permission subscriptions_manifests_write = t_subscriptions_manifests_write 
@@ -386,30 +380,36 @@ definition rbac/role { relation t_subscriptions_organization_read: rbac/principal:* permission subscriptions_organization_write = t_subscriptions_organization_write relation t_subscriptions_organization_write: rbac/principal:* + permission subscriptions_products_read = t_subscriptions_products_read + relation t_subscriptions_products_read: rbac/principal:* + permission subscriptions_products_write = t_subscriptions_products_write + relation t_subscriptions_products_write: rbac/principal:* + permission subscriptions_reports_read = t_subscriptions_reports_read + relation t_subscriptions_reports_read: rbac/principal:* permission tasks_all_all = t_tasks_all_all relation t_tasks_all_all: rbac/principal:* - permission vulnerability_vulnerability_results_read = t_vulnerability_vulnerability_results_read - relation t_vulnerability_vulnerability_results_read: rbac/principal:* - permission vulnerability_cve_business_risk_and_status_write = t_vulnerability_cve_business_risk_and_status_write - relation t_vulnerability_cve_business_risk_and_status_write: rbac/principal:* - permission vulnerability_system_cve_status_write = t_vulnerability_system_cve_status_write - relation t_vulnerability_system_cve_status_write: rbac/principal:* + permission vulnerability_all_read = t_vulnerability_all_read + relation t_vulnerability_all_read: rbac/principal:* + permission vulnerability_all_write = t_vulnerability_all_write + relation t_vulnerability_all_write: rbac/principal:* + permission vulnerability_all_all = t_vulnerability_all_all + relation t_vulnerability_all_all: rbac/principal:* permission vulnerability_advanced_report_read = t_vulnerability_advanced_report_read relation t_vulnerability_advanced_report_read: rbac/principal:* + permission vulnerability_cve_business_risk_and_status_write = t_vulnerability_cve_business_risk_and_status_write + relation t_vulnerability_cve_business_risk_and_status_write: rbac/principal:* permission 
vulnerability_report_and_export_read = t_vulnerability_report_and_export_read relation t_vulnerability_report_and_export_read: rbac/principal:* + permission vulnerability_system_cve_status_write = t_vulnerability_system_cve_status_write + relation t_vulnerability_system_cve_status_write: rbac/principal:* permission vulnerability_system_opt_out_write = t_vulnerability_system_opt_out_write relation t_vulnerability_system_opt_out_write: rbac/principal:* permission vulnerability_system_opt_out_read = t_vulnerability_system_opt_out_read relation t_vulnerability_system_opt_out_read: rbac/principal:* permission vulnerability_toggle_cves_without_errata_write = t_vulnerability_toggle_cves_without_errata_write relation t_vulnerability_toggle_cves_without_errata_write: rbac/principal:* - permission vulnerability_all_read = t_vulnerability_all_read - relation t_vulnerability_all_read: rbac/principal:* - permission vulnerability_all_write = t_vulnerability_all_write - relation t_vulnerability_all_write: rbac/principal:* - permission vulnerability_all_all = t_vulnerability_all_all - relation t_vulnerability_all_all: rbac/principal:* + permission vulnerability_vulnerability_results_read = t_vulnerability_vulnerability_results_read + relation t_vulnerability_vulnerability_results_read: rbac/principal:* } definition rbac/role_binding { diff --git a/configs/stage/schemas/schema.zed b/configs/stage/schemas/schema.zed index 4c400f9c..181f7dd2 100644 --- a/configs/stage/schemas/schema.zed +++ b/configs/stage/schemas/schema.zed 
@@ -118,20 +118,20 @@ definition rbac/role {
 relation t_advisor_all_all: rbac/principal:*
 permission advisor_disable_recommendations_write = t_advisor_disable_recommendations_write
 relation t_advisor_disable_recommendations_write: rbac/principal:*
- permission advisor_weekly_email_read = t_advisor_weekly_email_read
- relation t_advisor_weekly_email_read: rbac/principal:*
- permission advisor_recommendation_results_read = t_advisor_recommendation_results_read
- relation t_advisor_recommendation_results_read: rbac/principal:*
 permission advisor_exports_read = t_advisor_exports_read
 relation t_advisor_exports_read: rbac/principal:*
- permission ansible_wisdom_admin_dashboard_chart_user_sentiment_read = t_ansible_wisdom_admin_dashboard_chart_user_sentiment_read
- relation t_ansible_wisdom_admin_dashboard_chart_user_sentiment_read: rbac/principal:*
- permission ansible_wisdom_admin_dashboard_chart_module_usage_read = t_ansible_wisdom_admin_dashboard_chart_module_usage_read
- relation t_ansible_wisdom_admin_dashboard_chart_module_usage_read: rbac/principal:*
+ permission advisor_recommendation_results_read = t_advisor_recommendation_results_read
+ relation t_advisor_recommendation_results_read: rbac/principal:*
+ permission advisor_weekly_email_read = t_advisor_weekly_email_read
+ relation t_advisor_weekly_email_read: rbac/principal:*
 permission ansible_wisdom_admin_dashboard_chart_active_users_read = t_ansible_wisdom_admin_dashboard_chart_active_users_read
 relation t_ansible_wisdom_admin_dashboard_chart_active_users_read: rbac/principal:*
+ permission ansible_wisdom_admin_dashboard_chart_module_usage_read = t_ansible_wisdom_admin_dashboard_chart_module_usage_read
+ relation t_ansible_wisdom_admin_dashboard_chart_module_usage_read: rbac/principal:*
 permission ansible_wisdom_admin_dashboard_chart_recommendations_read = t_ansible_wisdom_admin_dashboard_chart_recommendations_read
 relation t_ansible_wisdom_admin_dashboard_chart_recommendations_read: rbac/principal:*
+ permission ansible_wisdom_admin_dashboard_chart_user_sentiment_read = t_ansible_wisdom_admin_dashboard_chart_user_sentiment_read
+ relation t_ansible_wisdom_admin_dashboard_chart_user_sentiment_read: rbac/principal:*
 permission automation_analytics_all_read = t_automation_analytics_all_read
 relation t_automation_analytics_all_read: rbac/principal:*
 permission automation_analytics_all_write = t_automation_analytics_all_write
@@ -140,12 +140,6 @@ definition rbac/role {
 relation t_automation_analytics_all_all: rbac/principal:*
 permission compliance_all_all = t_compliance_all_all
 relation t_compliance_all_all: rbac/principal:*
- permission compliance_system_read = t_compliance_system_read
- relation t_compliance_system_read: rbac/principal:*
- permission compliance_report_read = t_compliance_report_read
- relation t_compliance_report_read: rbac/principal:*
- permission compliance_report_delete = t_compliance_report_delete
- relation t_compliance_report_delete: rbac/principal:*
 permission compliance_policy_read = t_compliance_policy_read
 relation t_compliance_policy_read: rbac/principal:*
 permission compliance_policy_create = t_compliance_policy_create
@@ -156,6 +150,12 @@ definition rbac/role {
 relation t_compliance_policy_delete: rbac/principal:*
 permission compliance_policy_write = t_compliance_policy_write
 relation t_compliance_policy_write: rbac/principal:*
+ permission compliance_report_read = t_compliance_report_read
+ relation t_compliance_report_read: rbac/principal:*
+ permission compliance_report_delete = t_compliance_report_delete
+ relation t_compliance_report_delete: rbac/principal:*
+ permission compliance_system_read = t_compliance_system_read
+ relation t_compliance_system_read: rbac/principal:*
 permission config_manager_activation_keys_read = t_config_manager_activation_keys_read
 relation t_config_manager_activation_keys_read: rbac/principal:*
 permission config_manager_activation_keys_write = t_config_manager_activation_keys_write
@@ -168,10 +168,6 @@ definition rbac/role {
 relation t_config_manager_state_write: rbac/principal:*
 permission config_manager_state_changes_read = t_config_manager_state_changes_read
 relation t_config_manager_state_changes_read: rbac/principal:*
- permission content_sources_templates_read = t_content_sources_templates_read
- relation t_content_sources_templates_read: rbac/principal:*
- permission content_sources_templates_write = t_content_sources_templates_write
- relation t_content_sources_templates_write: rbac/principal:*
 permission content_sources_all_all = t_content_sources_all_all
 relation t_content_sources_all_all: rbac/principal:*
 permission content_sources_repositories_read = t_content_sources_repositories_read
@@ -180,42 +176,30 @@ definition rbac/role {
 relation t_content_sources_repositories_write: rbac/principal:*
 permission content_sources_repositories_upload = t_content_sources_repositories_upload
 relation t_content_sources_repositories_upload: rbac/principal:*
+ permission content_sources_templates_read = t_content_sources_templates_read
+ relation t_content_sources_templates_read: rbac/principal:*
+ permission content_sources_templates_write = t_content_sources_templates_write
+ relation t_content_sources_templates_write: rbac/principal:*
+ permission cost_management_all_all = t_cost_management_all_all
+ relation t_cost_management_all_all: rbac/principal:*
 permission cost_management_aws_account_all = t_cost_management_aws_account_all
 relation t_cost_management_aws_account_all: rbac/principal:*
 permission cost_management_aws_account_read = t_cost_management_aws_account_read
 relation t_cost_management_aws_account_read: rbac/principal:*
+ permission cost_management_aws_organizational_unit_all = t_cost_management_aws_organizational_unit_all
+ relation t_cost_management_aws_organizational_unit_all: rbac/principal:*
+ permission cost_management_aws_organizational_unit_read = t_cost_management_aws_organizational_unit_read
+ relation t_cost_management_aws_organizational_unit_read: rbac/principal:*
 permission cost_management_azure_subscription_guid_all = t_cost_management_azure_subscription_guid_all
 relation t_cost_management_azure_subscription_guid_all: rbac/principal:*
 permission cost_management_azure_subscription_guid_read = t_cost_management_azure_subscription_guid_read
 relation t_cost_management_azure_subscription_guid_read: rbac/principal:*
- permission cost_management_oci_payer_tenant_id_all = t_cost_management_oci_payer_tenant_id_all
- relation t_cost_management_oci_payer_tenant_id_all: rbac/principal:*
- permission cost_management_oci_payer_tenant_id_read = t_cost_management_oci_payer_tenant_id_read
- relation t_cost_management_oci_payer_tenant_id_read: rbac/principal:*
- permission cost_management_openshift_cluster_all = t_cost_management_openshift_cluster_all
- relation t_cost_management_openshift_cluster_all: rbac/principal:*
- permission cost_management_openshift_cluster_read = t_cost_management_openshift_cluster_read
- relation t_cost_management_openshift_cluster_read: rbac/principal:*
- permission cost_management_openshift_node_all = t_cost_management_openshift_node_all
- relation t_cost_management_openshift_node_all: rbac/principal:*
- permission cost_management_openshift_node_read = t_cost_management_openshift_node_read
- relation t_cost_management_openshift_node_read: rbac/principal:*
 permission cost_management_cost_model_all = t_cost_management_cost_model_all
 relation t_cost_management_cost_model_all: rbac/principal:*
 permission cost_management_cost_model_read = t_cost_management_cost_model_read
 relation t_cost_management_cost_model_read: rbac/principal:*
 permission cost_management_cost_model_write = t_cost_management_cost_model_write
 relation t_cost_management_cost_model_write: rbac/principal:*
- permission cost_management_settings_all = t_cost_management_settings_all
- relation t_cost_management_settings_all: rbac/principal:*
- permission cost_management_settings_read = t_cost_management_settings_read
- relation t_cost_management_settings_read: rbac/principal:*
- permission cost_management_settings_write = t_cost_management_settings_write
- relation t_cost_management_settings_write: rbac/principal:*
- permission cost_management_aws_organizational_unit_all = t_cost_management_aws_organizational_unit_all
- relation t_cost_management_aws_organizational_unit_all: rbac/principal:*
- permission cost_management_aws_organizational_unit_read = t_cost_management_aws_organizational_unit_read
- relation t_cost_management_aws_organizational_unit_read: rbac/principal:*
 permission cost_management_gcp_account_all = t_cost_management_gcp_account_all
 relation t_cost_management_gcp_account_all: rbac/principal:*
 permission cost_management_gcp_account_read = t_cost_management_gcp_account_read
@@ -224,16 +208,32 @@ definition rbac/role {
 relation t_cost_management_gcp_project_all: rbac/principal:*
 permission cost_management_gcp_project_read = t_cost_management_gcp_project_read
 relation t_cost_management_gcp_project_read: rbac/principal:*
+ permission cost_management_oci_payer_tenant_id_all = t_cost_management_oci_payer_tenant_id_all
+ relation t_cost_management_oci_payer_tenant_id_all: rbac/principal:*
+ permission cost_management_oci_payer_tenant_id_read = t_cost_management_oci_payer_tenant_id_read
+ relation t_cost_management_oci_payer_tenant_id_read: rbac/principal:*
+ permission cost_management_openshift_cluster_all = t_cost_management_openshift_cluster_all
+ relation t_cost_management_openshift_cluster_all: rbac/principal:*
+ permission cost_management_openshift_cluster_read = t_cost_management_openshift_cluster_read
+ relation t_cost_management_openshift_cluster_read: rbac/principal:*
+ permission cost_management_openshift_node_all = t_cost_management_openshift_node_all
+ relation t_cost_management_openshift_node_all: rbac/principal:*
+ permission cost_management_openshift_node_read = t_cost_management_openshift_node_read
+ relation t_cost_management_openshift_node_read: rbac/principal:*
 permission cost_management_openshift_project_all = t_cost_management_openshift_project_all
 relation t_cost_management_openshift_project_all: rbac/principal:*
 permission cost_management_openshift_project_read = t_cost_management_openshift_project_read
 relation t_cost_management_openshift_project_read: rbac/principal:*
- permission cost_management_all_all = t_cost_management_all_all
- relation t_cost_management_all_all: rbac/principal:*
+ permission cost_management_settings_all = t_cost_management_settings_all
+ relation t_cost_management_settings_all: rbac/principal:*
+ permission cost_management_settings_read = t_cost_management_settings_read
+ relation t_cost_management_settings_read: rbac/principal:*
+ permission cost_management_settings_write = t_cost_management_settings_write
+ relation t_cost_management_settings_write: rbac/principal:*
 permission hybrid_committed_spend_reports_read = t_hybrid_committed_spend_reports_read
 relation t_hybrid_committed_spend_reports_read: rbac/principal:*
- permission idmsvc_token_create = t_idmsvc_token_create
- relation t_idmsvc_token_create: rbac/principal:*
+ permission idmsvc_all_all = t_idmsvc_all_all
+ relation t_idmsvc_all_all: rbac/principal:*
 permission idmsvc_domains_list = t_idmsvc_domains_list
 relation t_idmsvc_domains_list: rbac/principal:*
 permission idmsvc_domains_read = t_idmsvc_domains_read
@@ -244,30 +244,30 @@ definition rbac/role {
 relation t_idmsvc_domains_update: rbac/principal:*
 permission idmsvc_domains_delete = t_idmsvc_domains_delete
 relation t_idmsvc_domains_delete: rbac/principal:*
- permission idmsvc_all_all = t_idmsvc_all_all
- relation t_idmsvc_all_all: rbac/principal:*
+ permission idmsvc_token_create = t_idmsvc_token_create
+ relation t_idmsvc_token_create: rbac/principal:*
+ permission integrations_all_all = t_integrations_all_all
+ relation t_integrations_all_all: rbac/principal:*
 permission integrations_endpoints_read = t_integrations_endpoints_read
 relation t_integrations_endpoints_read: rbac/principal:*
 permission integrations_endpoints_write = t_integrations_endpoints_write
 relation t_integrations_endpoints_write: rbac/principal:*
- permission integrations_all_all = t_integrations_all_all
- relation t_integrations_all_all: rbac/principal:*
 permission inventory_all_read = t_inventory_all_read
 relation t_inventory_all_read: rbac/principal:*
 permission inventory_all_all = t_inventory_all_all
 relation t_inventory_all_all: rbac/principal:*
- permission inventory_hosts_read = t_inventory_hosts_read
- relation t_inventory_hosts_read: rbac/principal:*
- permission inventory_hosts_write = t_inventory_hosts_write
- relation t_inventory_hosts_write: rbac/principal:*
- permission inventory_hosts_all = t_inventory_hosts_all
- relation t_inventory_hosts_all: rbac/principal:*
 permission inventory_groups_read = t_inventory_groups_read
 relation t_inventory_groups_read: rbac/principal:*
 permission inventory_groups_write = t_inventory_groups_write
 relation t_inventory_groups_write: rbac/principal:*
 permission inventory_groups_all = t_inventory_groups_all
 relation t_inventory_groups_all: rbac/principal:*
+ permission inventory_hosts_read = t_inventory_hosts_read
+ relation t_inventory_hosts_read: rbac/principal:*
+ permission inventory_hosts_write = t_inventory_hosts_write
+ relation t_inventory_hosts_write: rbac/principal:*
+ permission inventory_hosts_all = t_inventory_hosts_all
+ relation t_inventory_hosts_all: rbac/principal:*
 permission malware_detection_all_all = t_malware_detection_all_all
 relation t_malware_detection_all_all: rbac/principal:*
 permission malware_detection_all_read = t_malware_detection_all_read
@@ -276,12 +276,12 @@ definition rbac/role {
 relation t_malware_detection_acknowledgements_write: rbac/principal:*
 permission ocp_advisor_all_all = t_ocp_advisor_all_all
 relation t_ocp_advisor_all_all: rbac/principal:*
- permission ocp_advisor_toggle_recommendations_write = t_ocp_advisor_toggle_recommendations_write
- relation t_ocp_advisor_toggle_recommendations_write: rbac/principal:*
- permission ocp_advisor_recommendation_results_read = t_ocp_advisor_recommendation_results_read
- relation t_ocp_advisor_recommendation_results_read: rbac/principal:*
 permission ocp_advisor_exports_read = t_ocp_advisor_exports_read
 relation t_ocp_advisor_exports_read: rbac/principal:*
+ permission ocp_advisor_recommendation_results_read = t_ocp_advisor_recommendation_results_read
+ relation t_ocp_advisor_recommendation_results_read: rbac/principal:*
+ permission ocp_advisor_toggle_recommendations_write = t_ocp_advisor_toggle_recommendations_write
+ relation t_ocp_advisor_toggle_recommendations_write: rbac/principal:*
 permission patch_all_all = t_patch_all_all
 relation t_patch_all_all: rbac/principal:*
 permission patch_all_read = t_patch_all_read
@@ -296,18 +296,14 @@ definition rbac/role {
 relation t_playbook_dispatcher_run_read: rbac/principal:*
 permission playbook_dispatcher_run_write = t_playbook_dispatcher_run_write
 relation t_playbook_dispatcher_run_write: rbac/principal:*
+ permission policies_all_all = t_policies_all_all
+ relation t_policies_all_all: rbac/principal:*
 permission policies_policies_read = t_policies_policies_read
 relation t_policies_policies_read: rbac/principal:*
 permission policies_policies_write = t_policies_policies_write
 relation t_policies_policies_write: rbac/principal:*
- permission policies_all_all = t_policies_all_all
- relation t_policies_all_all: rbac/principal:*
 permission provisioning_all_all = t_provisioning_all_all
 relation t_provisioning_all_all: rbac/principal:*
- permission provisioning_source_all = t_provisioning_source_all
- relation t_provisioning_source_all: rbac/principal:*
- permission provisioning_source_read = t_provisioning_source_read
- relation t_provisioning_source_read: rbac/principal:*
 permission provisioning_pubkey_all = t_provisioning_pubkey_all
 relation t_provisioning_pubkey_all: rbac/principal:*
 permission provisioning_pubkey_read = t_provisioning_pubkey_read
@@ -338,22 +334,26 @@ definition rbac/role {
 relation t_provisioning_reservation_gcp_read: rbac/principal:*
 permission provisioning_reservation_gcp_write = t_provisioning_reservation_gcp_write
 relation t_provisioning_reservation_gcp_write: rbac/principal:*
- permission rbac_principal_read = t_rbac_principal_read
- relation t_rbac_principal_read: rbac/principal:*
+ permission provisioning_source_all = t_provisioning_source_all
+ relation t_provisioning_source_all: rbac/principal:*
+ permission provisioning_source_read = t_provisioning_source_read
+ relation t_provisioning_source_read: rbac/principal:*
 permission rbac_all_all = t_rbac_all_all
 relation t_rbac_all_all: rbac/principal:*
- permission remediations_remediation_read = t_remediations_remediation_read
- relation t_remediations_remediation_read: rbac/principal:*
- permission remediations_remediation_write = t_remediations_remediation_write
- relation t_remediations_remediation_write: rbac/principal:*
- permission remediations_remediation_execute = t_remediations_remediation_execute
- relation t_remediations_remediation_execute: rbac/principal:*
+ permission rbac_principal_read = t_rbac_principal_read
+ relation t_rbac_principal_read: rbac/principal:*
 permission remediations_all_all = t_remediations_all_all
 relation t_remediations_all_all: rbac/principal:*
 permission remediations_all_read = t_remediations_all_read
 relation t_remediations_all_read: rbac/principal:*
 permission remediations_all_write = t_remediations_all_write
 relation t_remediations_all_write: rbac/principal:*
+ permission remediations_remediation_read = t_remediations_remediation_read
+ relation t_remediations_remediation_read: rbac/principal:*
+ permission remediations_remediation_write = t_remediations_remediation_write
+ relation t_remediations_remediation_write: rbac/principal:*
+ permission remediations_remediation_execute = t_remediations_remediation_execute
+ relation t_remediations_remediation_execute: rbac/principal:*
 permission ros_all_all = t_ros_all_all
 relation t_ros_all_all: rbac/principal:*
 permission ros_all_read = t_ros_all_read
@@ -366,6 +366,16 @@ definition rbac/role {
 relation t_staleness_staleness_write: rbac/principal:*
 permission staleness_staleness_all = t_staleness_staleness_all
 relation t_staleness_staleness_all: rbac/principal:*
+ permission subscriptions_all_all = t_subscriptions_all_all
+ relation t_subscriptions_all_all: rbac/principal:*
+ permission subscriptions_cloud_access_read = t_subscriptions_cloud_access_read
+ relation t_subscriptions_cloud_access_read: rbac/principal:*
+ permission subscriptions_cloud_access_write = t_subscriptions_cloud_access_write
+ relation t_subscriptions_cloud_access_write: rbac/principal:*
+ permission subscriptions_manifests_read = t_subscriptions_manifests_read
+ relation t_subscriptions_manifests_read: rbac/principal:*
+ permission subscriptions_manifests_write = t_subscriptions_manifests_write
+ relation t_subscriptions_manifests_write: rbac/principal:*
 permission subscriptions_organization_read = t_subscriptions_organization_read
 relation t_subscriptions_organization_read: rbac/principal:*
 permission subscriptions_organization_write = t_subscriptions_organization_write
@@ -374,40 +384,30 @@ definition rbac/role {
 relation t_subscriptions_products_read: rbac/principal:*
 permission subscriptions_products_write = t_subscriptions_products_write
 relation t_subscriptions_products_write: rbac/principal:*
- permission subscriptions_cloud_access_read = t_subscriptions_cloud_access_read
- relation t_subscriptions_cloud_access_read: rbac/principal:*
- permission subscriptions_cloud_access_write = t_subscriptions_cloud_access_write
- relation t_subscriptions_cloud_access_write: rbac/principal:*
- permission subscriptions_all_all = t_subscriptions_all_all
- relation t_subscriptions_all_all: rbac/principal:*
 permission subscriptions_reports_read = t_subscriptions_reports_read
 relation t_subscriptions_reports_read: rbac/principal:*
- permission subscriptions_manifests_read = t_subscriptions_manifests_read
- relation t_subscriptions_manifests_read: rbac/principal:*
- permission subscriptions_manifests_write = t_subscriptions_manifests_write
- relation t_subscriptions_manifests_write: rbac/principal:*
 permission tasks_all_all = t_tasks_all_all
 relation t_tasks_all_all: rbac/principal:*
- permission vulnerability_cve_business_risk_and_status_write = t_vulnerability_cve_business_risk_and_status_write
- relation t_vulnerability_cve_business_risk_and_status_write: rbac/principal:*
- permission vulnerability_system_cve_status_write = t_vulnerability_system_cve_status_write
- relation t_vulnerability_system_cve_status_write: rbac/principal:*
+ permission vulnerability_all_read = t_vulnerability_all_read
+ relation t_vulnerability_all_read: rbac/principal:*
+ permission vulnerability_all_write = t_vulnerability_all_write
+ relation t_vulnerability_all_write: rbac/principal:*
+ permission vulnerability_all_all = t_vulnerability_all_all
+ relation t_vulnerability_all_all: rbac/principal:*
 permission vulnerability_advanced_report_read = t_vulnerability_advanced_report_read
 relation t_vulnerability_advanced_report_read: rbac/principal:*
+ permission vulnerability_cve_business_risk_and_status_write = t_vulnerability_cve_business_risk_and_status_write
+ relation t_vulnerability_cve_business_risk_and_status_write: rbac/principal:*
 permission vulnerability_report_and_export_read = t_vulnerability_report_and_export_read
 relation t_vulnerability_report_and_export_read: rbac/principal:*
+ permission vulnerability_system_cve_status_write = t_vulnerability_system_cve_status_write
+ relation t_vulnerability_system_cve_status_write: rbac/principal:*
 permission vulnerability_system_opt_out_write = t_vulnerability_system_opt_out_write
 relation t_vulnerability_system_opt_out_write: rbac/principal:*
 permission vulnerability_system_opt_out_read = t_vulnerability_system_opt_out_read
 relation t_vulnerability_system_opt_out_read: rbac/principal:*
 permission vulnerability_toggle_cves_without_errata_write = t_vulnerability_toggle_cves_without_errata_write
 relation t_vulnerability_toggle_cves_without_errata_write: rbac/principal:*
- permission vulnerability_all_read = t_vulnerability_all_read
- relation t_vulnerability_all_read: rbac/principal:*
- permission vulnerability_all_write = t_vulnerability_all_write
- relation t_vulnerability_all_write: rbac/principal:*
- permission vulnerability_all_all = t_vulnerability_all_all
- relation t_vulnerability_all_all: rbac/principal:*
 permission vulnerability_vulnerability_results_read = t_vulnerability_vulnerability_results_read
 relation t_vulnerability_vulnerability_results_read: rbac/principal:*
 }