acl: Define target of access control rules
Basic NeoFS ACL applies access rules to the request sender. Request senders are combined in groups that are called `targets`. Basic ACL rules may be applied to these targets:

1. User - request sender is the owner of the container, used in the request.
2. System - request sender is the storage node within the container used in the request or inner ring node.
3. Others - request sender is none of the above.

Extended ACL rules may be applied for targets, provided with extra information.

4. PubKey - request sender has provided public key.
parent b48cc534f4
commit afd55ac90b
1 changed files with 27 additions and 0 deletions
27
acl/types.proto
Normal file
@ -0,0 +1,27 @@
syntax = "proto3";
package acl;
option go_package = "github.com/nspcc-dev/neofs-api-go/acl";
option csharp_namespace = "NeoFS.API.Acl";
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
option (gogoproto.stable_marshaler_all) = true;
// Target of the access control rule in access control list.
enum Target {
// Unknown target, default value.
Unknown = 0;
// User target rule is applied if sender is the owner of the container.
User = 1;
// System target rule is applied if sender is the storage node within the
// container or inner ring node.
System = 2;
// Others target rule is applied if sender is not user or system target.
Others = 3;
// PubKey target rule is applied if sender has public key provided in
// extended ACL.
PubKey = 4;
}
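Review bot: `Unknown = 0` is documented only as "default value", with no statement of how a rule carrying it is evaluated. Because proto3 decodes an unset enum field as 0, a rule whose target was never set is indistinguishable from one that names `Unknown` explicitly; the comment should say that such a rule matches no sender (or is rejected as invalid) so that implementations cannot diverge on it. The comments also leave open which target applies when the container owner's key is additionally listed as a `PubKey` target in extended ACL; one sentence on precedence would settle that. As a style point, the value names are unprefixed, and proto enum values live in the enclosing `acl` package scope, so a second enum in this package could not also declare `Unknown`; consider `TARGET_UNKNOWN`-style names or nesting the enum in a message.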