appengine/swarming/proto/config.proto - Issue 2984843002: swarming: switch to a 'capability focused' ACL system

Unified Diff: appengine/swarming/proto/config.proto

Issue 2984843002: swarming: switch to a 'capability focused' ACL system (Closed)

Patch Set: Address comments Created 3 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: appengine/swarming/proto/config.proto

diff --git a/appengine/swarming/proto/config.proto b/appengine/swarming/proto/config.proto

index ea5e6f3092134b0cb2a21a200b0c4fb3930f105a..a3c9fff6e56c5a8485eef81d8a009b3a4c8a9677 100644

--- a/appengine/swarming/proto/config.proto

+++ b/appengine/swarming/proto/config.proto

@@ -153,11 +153,19 @@ message DimensionACLs {

message AuthSettings {

// Members of this group have full administrative access.

+ // Membership of this group acts a superset of privileged_users_group and

Vadim Sh. 2017/07/24 23:07:26 this phrase is confusing... how can a membership a

M-A Ruel 2017/07/25 13:46:38 Did the Grants: way.

+ // bot_bootstrap_group.

optional string admins_group = 1;

// Members of this group can fetch swarming bot code and bootstrap bots.

optional string bot_bootstrap_group = 2;

// Members of this group can schedule tasks and see everyone else's tasks.

+ // Membership of this group acts a superset of users_group, view_bots_group

+ // and view_tasks_group.

optional string privileged_users_group = 3;

// Members of this group can schedule tasks and see only their own tasks.

optional string users_group = 4;

+ // Members of this group can view all bots. This is a read-only group.

+ optional string view_all_bots_group = 5;

+ // Members of this group can view all tasks. This is a read-only group.

+ optional string view_all_tasks_group = 6;

}