acl: Define target of access control rules
Basic NeoFS ACL applies access rules to request sender. Request senders are combined in groups that are called `targets`. Basic ACL rules may be applied to these targets:
1. User - request sender is the owner of the container, used in the request.
2. System - request sender is the storage node within the container used in the request or inner ring node.
3. Others - request sender is none of the above.

Extended ACL rules may be applied for targets, provided with extra information.
4. PubKey - request sender has provided public key.
parent b48cc534f4
commit afd55ac90b
1 changed files with 27 additions and 0 deletions
27
acl/types.proto
Normal file
|
@ -0,0 +1,27 @@
|
|||
syntax = "proto3";
|
||||
package acl;
|
||||
option go_package = "github.com/nspcc-dev/neofs-api-go/acl";
|
||||
option csharp_namespace = "NeoFS.API.Acl";
|
||||
|
||||
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
|
||||
option (gogoproto.stable_marshaler_all) = true;
|
||||
|
||||
// Target of the access control rule in access control list.
|
||||
enum Target {
|
||||
// Unknown target, default value.
|
||||
Unknown = 0;
|
||||
|
||||
// User target rule is applied if sender is the owner of the container.
|
||||
User = 1;
|
||||
|
||||
// System target rule is applied if sender is the storage node within the
|
||||
// container or inner ring node.
|
||||
System = 2;
|
||||
|
||||
// Others target rule is applied if sender is not user or system target.
|
||||
Others = 3;
|
||||
|
||||
// PubKey target rule is applied if sender has public key provided in
|
||||
// extended ACL.
|
||||
PubKey = 4;
|
||||
}
|
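Review bot: The comment on `Unknown = 0` only says "default value" and does not state how a rule carrying it is to be treated. In proto3 an unset or absent enum field decodes to 0, so any rule that omits its target arrives as `Unknown`. Please document here that an `Unknown` target matches no sender (or that such a rule is rejected), so implementations do not diverge on a malformed rule. Related points in the same enum: the `Others` comment defines it as "not user or system target" but does not say how it relates to `PubKey`, and the `PubKey` comment could state that it is valid only in extended ACL, as the commit message does. Finally, enum value names are scoped to the enclosing package in protobuf, so bare names such as `Unknown` and `User` will collide with any later enum in package `acl` that uses them; consider a `TARGET_` style prefix before other code starts depending on these names.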