| OLD | NEW |
|---|
| 1 // Copyright 2016 The LUCI Authors. All rights reserved. | 1 // Copyright 2016 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 | 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. | 3 // that can be found in the LICENSE file. |
| 4 | 4 |
| 5 syntax = "proto2"; | 5 syntax = "proto2"; |
| 6 | 6 |
| 7 | 7 |
| 8 // Schema for settings.cfg service config file in luci-config. | 8 // Schema for settings.cfg service config file in luci-config. |
| 9 message SettingsCfg { | 9 message SettingsCfg { |
| 10 // id to inject into pages if applicable. | 10 // id to inject into pages if applicable. |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 146 // server. | 146 // server. |
| 147 // | 147 // |
| 148 // All groups default to 'administrators'. | 148 // All groups default to 'administrators'. |
| 149 // | 149 // |
| 150 // See | 150 // See |
| 151 // https://github.com/luci/luci-py/blob/master/appengine/swarming/doc/Access-Gro
ups.md | 151 // https://github.com/luci/luci-py/blob/master/appengine/swarming/doc/Access-Gro
ups.md |
| 152 // for more detail. | 152 // for more detail. |
| 153 | 153 |
| 154 message AuthSettings { | 154 message AuthSettings { |
| 155 // Members of this group have full administrative access. | 155 // Members of this group have full administrative access. |
| 156 // |
| 157 // Grants: |
| 158 // - config view and edit |
| 159 // - delete any bot |
| 160 // - all of bot_bootstrap_group membership |
| 161 // - all of privileged_users_group membership |
| 156 optional string admins_group = 1; | 162 optional string admins_group = 1; |
| 163 |
| 157 // Members of this group can fetch swarming bot code and bootstrap bots. | 164 // Members of this group can fetch swarming bot code and bootstrap bots. |
| 165 // |
| 166 // Grants: |
| 167 // - bot create: create a token to anonymously fetch the bot code. |
| 158 optional string bot_bootstrap_group = 2; | 168 optional string bot_bootstrap_group = 2; |
| 169 |
| 159 // Members of this group can schedule tasks and see everyone else's tasks. | 170 // Members of this group can schedule tasks and see everyone else's tasks. |
| 171 // |
| 172 // Grants: |
| 173 // - cancel any task |
| 174 // - edit (terminate) any bot |
| 175 // - all of view_all_bots_group membership |
| 176 // - all of view_all_tasks_group membership |
| 160 optional string privileged_users_group = 3; | 177 optional string privileged_users_group = 3; |
| 178 |
| 161 // Members of this group can schedule tasks and see only their own tasks. | 179 // Members of this group can schedule tasks and see only their own tasks. |
| 180 // |
| 181 // Grants: |
| 182 // - create a task |
| 183 // - view and edit own task |
| 162 optional string users_group = 4; | 184 optional string users_group = 4; |
| 185 |
| 186 // Members of this group can view all bots. This is a read-only group. |
| 187 // |
| 188 // Grants: |
| 189 // - view all bots |
| 190 optional string view_all_bots_group = 5; |
| 191 |
| 192 // Members of this group can view all tasks. This is a read-only group. |
| 193 // |
| 194 // Grants: |
| 195 // - view all tasks |
| 196 optional string view_all_tasks_group = 6; |
| 163 } | 197 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2984843002:
swarming: switch to a 'capability focused' ACL system (Closed)
