# Role-Based Access Control (RBAC)
This document describes the RBAC implementation of the Ansible Tower Software.
The intended audience of this document is the Ansible Tower developer.
## Overview
The RBAC system allows you to create and layer roles for controlling access to resources. Any `django.Model` can
be made into a `Resource` in the RBAC system by using the `ResourceMixin`. Once a model is accessible as a resource, you can
extend the model definition to have specific roles using the `ImplicitRoleField`. This role field allows you to
configure the name of a role, any parents a role may have, and the permissions that holding the role grants you on the resource.
### Roles
Roles are defined for a resource. If a role has any parents, these parents will be considered when determining
what roles are checked when accessing a resource.

    ResourceA
     |-- AdminRole

    ResourceB
     |-- AdminRole
          |-- parent = ResourceA.AdminRole

When a user attempts to access ResourceB, we check their level of access using the set of all unique roles, including the parents.

    set: ResourceA.AdminRole, ResourceB.AdminRole

This would provide anyone with the ResourceA.AdminRole or ResourceB.AdminRole access to ResourceB.
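
The lookup described above, sketched in plain Python as an added example; it is not Tower's code, and the `Role` class, the `roles_checked` and `has_access` helpers and the user names are hypothetical. It goes slightly beyond the two-role diagram by following parent links transitively and visiting each role once, so shared ancestors and accidental cycles are handled.

```python
# Added illustration only; plain Python, not the Tower models or fields.
from dataclasses import dataclass, field


@dataclass(eq=False)  # identity-based hashing so roles can be stored in sets
class Role:
    name: str
    parents: list = field(default_factory=list)
    members: set = field(default_factory=set)  # users holding this role directly


def roles_checked(role):
    """Return the role plus every ancestor reachable through parent links."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:  # shared ancestor or accidental cycle: visit once
            continue
        seen.add(current)
        stack.extend(current.parents)
    return seen


def has_access(user, resource_roles):
    """True if the user holds any role on the resource or an ancestor of one."""
    return any(user in r.members
               for role in resource_roles
               for r in roles_checked(role))


def build_sample():
    """Constructed data mirroring the ResourceA / ResourceB diagram."""
    a_admin = Role("ResourceA.AdminRole", members={"alice"})
    b_admin = Role("ResourceB.AdminRole", parents=[a_admin], members={"bob"})
    return a_admin, b_admin


if __name__ == "__main__":
    a_admin, b_admin = build_sample()
    print(sorted(r.name for r in roles_checked(b_admin)))
    for user in ("alice", "bob", "carol"):
        print(user, "-> ResourceB:", has_access(user, [b_admin]),
              "| ResourceA:", has_access(user, [a_admin]))
```

Inheritance runs in one direction only: a member of ResourceB.AdminRole gains nothing on ResourceA, which is the property to verify whenever a new parent link is added.
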
## Models
`Role`
`RoleHierarchy`
`Resource`
`RolePermission`
## Fields
`ImplicitRoleField`
`ImplicitResourceField`
## Mixins
`ResourceMixin`
Usage
-----