/**
 * Legacy entry point that accepts a resource given as a string.
 *
 * <p>The string is split into its generic part and an optional specific part via
 * the {@code ORule} legacy mappers and then delegated to the typed overload. A
 * missing or {@code "*"} specific part is passed on as {@code null}, i.e. the rule
 * applies to every resource of that generic kind.
 *
 * @param iResource  legacy resource string
 * @param iOperation permission bits to grant on the resource
 * @return the result of the typed {@code addRule} overload
 * @deprecated use the {@code addRule(ORule.ResourceGeneric, String, int)} overload
 */
@Deprecated
@Override
public OSecurityRole addRule(String iResource, int iOperation) {
  final String specific = ORule.mapLegacyResourceToSpecificResource(iResource);
  final ORule.ResourceGeneric generic = ORule.mapLegacyResourceToGenericResource(iResource);

  // "*" (or no specific part at all) means "any resource of this generic kind".
  final boolean anyResource = specific == null || "*".equals(specific);

  return addRule(generic, anyResource ? null : specific, iOperation);
}
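// Default security roles. The reader role may only read; the writer role may
// read and write application data. Neither role may touch the records that
// back authentication: the OUser class and the "ouser"/"orole" clusters.
// NOTE: writerRole is created outside this excerpt.
final OUser adminUser = createMetadata();

final ORole readerRole = createRole("reader", ORole.ALLOW_MODES.DENY_ALL_BUT);
readerRole.addRule(ORule.ResourceGeneric.DATABASE, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.SCHEMA, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.CLUSTER, OMetadataDefault.CLUSTER_INTERNAL_NAME, ORole.PERMISSION_READ);
// Security records must not be reachable through their clusters either.
readerRole.addRule(ORule.ResourceGeneric.CLUSTER, "orole", ORole.PERMISSION_NONE);
readerRole.addRule(ORule.ResourceGeneric.CLUSTER, "ouser", ORole.PERMISSION_NONE);
readerRole.addRule(ORule.ResourceGeneric.CLASS, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.CLASS, "OUser", ORole.PERMISSION_NONE);
readerRole.addRule(ORule.ResourceGeneric.CLUSTER, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.COMMAND, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.RECORD_HOOK, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.FUNCTION, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.SYSTEM_CLUSTERS, null, ORole.PERMISSION_NONE);
readerRole.save();

writerRole.addRule(ORule.ResourceGeneric.DATABASE, null, ORole.PERMISSION_READ);
writerRole.addRule(ORule.ResourceGeneric.SCHEMA, null, ORole.PERMISSION_READ);
writerRole.addRule(ORule.ResourceGeneric.CLUSTER, OMetadataDefault.CLUSTER_INTERNAL_NAME, ORole.PERMISSION_READ);
// FIX: these two denials were previously attached to readerRole (which already
// has them above) instead of writerRole, so the writer role appeared to be left
// with only the PERMISSION_ALL granted on CLUSTER/* below for the clusters that
// hold user and role records. Deny them on the writer role as well.
writerRole.addRule(ORule.ResourceGeneric.CLUSTER, "orole", ORole.PERMISSION_NONE);
writerRole.addRule(ORule.ResourceGeneric.CLUSTER, "ouser", ORole.PERMISSION_NONE);
writerRole.addRule(ORule.ResourceGeneric.CLASS, null, ORole.PERMISSION_ALL);
writerRole.addRule(ORule.ResourceGeneric.CLASS, "OUser", ORole.PERMISSION_NONE);
writerRole.addRule(ORule.ResourceGeneric.CLUSTER, null, ORole.PERMISSION_ALL);
writerRole.addRule(ORule.ResourceGeneric.COMMAND, null, ORole.PERMISSION_ALL);
writerRole.addRule(ORule.ResourceGeneric.RECORD_HOOK, null, ORole.PERMISSION_ALL);
writerRole.addRule(ORule.ResourceGeneric.FUNCTION, null, ORole.PERMISSION_READ);
writerRole.addRule(ORule.ResourceGeneric.SYSTEM_CLUSTERS, null, ORole.PERMISSION_NONE);
writerRole.save();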
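// Default reader/writer role rules. The reader role may only read; the writer
// role may read and write application data and may read the schema-level
// system classes listed at the end. Neither role may touch the records that
// back authentication: the OUser class and the "ouser"/"orole" clusters.
// NOTE: readerRole and writerRole are created outside this excerpt.
readerRole.addRule(ORule.ResourceGeneric.DATABASE, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.SCHEMA, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.CLUSTER, OMetadataDefault.CLUSTER_INTERNAL_NAME, ORole.PERMISSION_READ);
// Security records must not be reachable through their clusters either.
readerRole.addRule(ORule.ResourceGeneric.CLUSTER, "orole", ORole.PERMISSION_NONE);
readerRole.addRule(ORule.ResourceGeneric.CLUSTER, "ouser", ORole.PERMISSION_NONE);
readerRole.addRule(ORule.ResourceGeneric.CLASS, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.CLASS, "OUser", ORole.PERMISSION_NONE);
readerRole.addRule(ORule.ResourceGeneric.CLUSTER, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.COMMAND, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.RECORD_HOOK, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.FUNCTION, null, ORole.PERMISSION_READ);
readerRole.addRule(ORule.ResourceGeneric.SYSTEM_CLUSTERS, null, ORole.PERMISSION_NONE);
readerRole.save();

writerRole.addRule(ORule.ResourceGeneric.DATABASE, null, ORole.PERMISSION_READ);
// The writer may evolve the schema (create/update) but not drop it.
writerRole.addRule(ORule.ResourceGeneric.SCHEMA, null,
    ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
writerRole.addRule(ORule.ResourceGeneric.CLUSTER, OMetadataDefault.CLUSTER_INTERNAL_NAME, ORole.PERMISSION_READ);
// FIX: these two denials were previously attached to readerRole (which already
// has them above) instead of writerRole, so the writer role appeared to be left
// with only the PERMISSION_ALL granted on CLUSTER/* below for the clusters that
// hold user and role records. Deny them on the writer role as well.
writerRole.addRule(ORule.ResourceGeneric.CLUSTER, "orole", ORole.PERMISSION_NONE);
writerRole.addRule(ORule.ResourceGeneric.CLUSTER, "ouser", ORole.PERMISSION_NONE);
writerRole.addRule(ORule.ResourceGeneric.CLASS, null, ORole.PERMISSION_ALL);
writerRole.addRule(ORule.ResourceGeneric.CLASS, "OUser", ORole.PERMISSION_NONE);
writerRole.addRule(ORule.ResourceGeneric.CLUSTER, null, ORole.PERMISSION_ALL);
writerRole.addRule(ORule.ResourceGeneric.COMMAND, null, ORole.PERMISSION_ALL);
writerRole.addRule(ORule.ResourceGeneric.RECORD_HOOK, null, ORole.PERMISSION_ALL);
writerRole.addRule(ORule.ResourceGeneric.FUNCTION, null, ORole.PERMISSION_READ);
// System classes the writer may inspect but not modify.
writerRole.addRule(ORule.ResourceGeneric.CLASS, OSequence.CLASS_NAME, ORole.PERMISSION_READ);
writerRole.addRule(ORule.ResourceGeneric.CLASS, "OTriggered", ORole.PERMISSION_READ);
writerRole.addRule(ORule.ResourceGeneric.CLASS, "OSchedule", ORole.PERMISSION_READ);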
// NOTE(review): BYPASS_RESTRICTED with PERMISSION_ALL presumably lets this role
// skip restricted-record checks — a high-privilege grant; confirm it is only
// ever applied to admin-equivalent roles. The rule is persisted immediately.
addRule(ORule.ResourceGeneric.BYPASS_RESTRICTED, null, ORole.PERMISSION_ALL).save();
if (adminRole == null) { adminRole = createRole(ORole.ADMIN, ORole.ALLOW_MODES.ALLOW_ALL_BUT); adminRole.addRule(ORule.ResourceGeneric.BYPASS_RESTRICTED, null, ORole.PERMISSION_ALL).save();