added authorization policy & framework

2018-04-26 10:13:46 +02:00
parent 99c10b75fb
commit 654e8a5817
6 changed files with 133 additions and 14 deletions
--- a/authorization_model.conf
+++ b/authorization_model.conf
@@ -0,0 +1,11 @@
+[request_definition]
+r = role, objectsRole, orgRelation, objectsRelation, obj, act
+
+[policy_definition]
+p = role, objectsRole, orgRelation, objectsRelation, obj, act
+
+[policy_effect]
+e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+
+[matchers]
+m = keyMatch(r.role, p.role) && keyMatch(r.objectsRole, p.objectsRole) && keyMatch(r.objectsRelation, p.objectsRelation) && keyMatch(r.orgRelation, p.orgRelation) && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*")