From 58ce884eabdb27be2030812c9fc32be7617d5f49 Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Wed, 27 Apr 2022 10:52:03 +0300 Subject: [PATCH] [#406] Update docs Signed-off-by: Denis Kirillov --- docs/authmate.md | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/docs/authmate.md b/docs/authmate.md index 7754745..081a233 100644 --- a/docs/authmate.md +++ b/docs/authmate.md @@ -158,28 +158,32 @@ where content of `bearer-rules.json`: ] } ``` + +**Note:** such rules allow all operations for all users (the same behavior when records are empty). +To restrict access you MUST provide records with `DENY` action. That's why we recommend always place such records +at the end of records (see default rules below) to prevent undesirable access violation. +Since the rules are applied from top to bottom, they do not override what was previously allowed. + If bearer rules are not set, a token will be auto-generated with a value: ```json { "version": { - "major": 2, - "minor": 11 + "major": 2, + "minor": 11 }, "containerID": { - "value": null + "value": null }, "records": [ - { - "operation": "GET", - "action": "ALLOW", - "filters": [], - "targets": [ - { - "role": "OTHERS", - "keys": [] - } - ] - } + {"operation": "GET", "action": "ALLOW", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]}, + + {"operation": "GET", "action": "DENY", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]}, + {"operation": "HEAD", "action": "DENY", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]}, + {"operation": "PUT", "action": "DENY", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]}, + {"operation": "DELETE", "action": "DENY", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]}, + {"operation": "SEARCH", "action": "DENY", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]}, + {"operation": "GETRANGE", "action": "DENY", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]}, + {"operation": "GETRANGEHASH", "action": "DENY", "filters": [], "targets": [{"role": "OTHERS", "keys": []}]} ] } ```