permissions.acl
/**
* Access Control List for the bond data
*/
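/**
 * Lets a User participant READ and UPDATE the User record whose identifier
 * equals their own. The description replaces the "something" placeholder.
 * NOTE(review): OthersAadhaarAccess reads owner.grantedUsers from a User. If
 * that list is stored on this record, UPDATE here lets the owner edit it
 * directly, outside the GrantAccess / RejectAccess transactions - confirm
 * that this is intended.
 */
rule UserAccess {
description: "Allow a user to read and update their own User record"
participant(u): "org.alpha.secureid.User"
operation: READ, UPDATE
resource(r): "org.alpha.secureid.User"
condition: (u.getIdentifier() == r.getIdentifier())
action: ALLOW
}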
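/**
 * Lets a User participant READ every User record other than their own.
 * Together with UserAccess, every User can read every User record.
 * The description replaces the "something" placeholder.
 * NOTE(review): the model file is not shown here. If User carries personal
 * fields or the grantedUsers list, they are readable by all participants -
 * confirm that this exposure is intended.
 */
rule OtherUserAccess {
description: "Allow a user to read other users' User records"
participant(u): "org.alpha.secureid.User"
operation: READ
resource(r): "org.alpha.secureid.User"
condition: (u.getIdentifier() != r.getIdentifier())
action: ALLOW
}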
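/**
 * Lets a User READ an Aadhaar asset when the user's identifier appears in the
 * owner's grantedUsers list.
 * The condition now evaluates to false when grantedUsers is missing, instead
 * of raising on indexOf, so an absent list never grants access. The redundant
 * "? true : false" is dropped.
 * NOTE(review): assumes r.owner exposes grantedUsers inside an ACL condition
 * and that the list holds user identifiers as strings - confirm against the
 * model file.
 */
rule OthersAadhaarAccess {
description: "Allow other users to access aadhaar if access is granted"
participant(u): "org.alpha.secureid.User"
operation: READ
resource(r): "org.alpha.secureid.Aadhaar"
condition: (r.owner.grantedUsers != null && r.owner.grantedUsers.indexOf(u.getIdentifier()) >= 0)
action: ALLOW
}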
/**
 * Lets a User READ an Aadhaar asset whose owner.userId strictly equals the
 * participant's userId.
 * NOTE(review): the other conditional rules in this file compare with
 * getIdentifier(), while this one reads the userId property directly.
 * Presumably userId is the identifying field of User - confirm against the
 * model file. No rule in this file gives a User CREATE, UPDATE or DELETE on
 * Aadhaar.
 */
rule OwnAadhaarAccess {
description: "Allow user to access his own aadhaar"
participant(u): "org.alpha.secureid.User"
operation: READ
resource(a): "org.alpha.secureid.Aadhaar"
condition: (a.owner.userId === u.userId)
action: ALLOW
}
/**
 * Lets every User participant READ and UPDATE every AccessHistory resource.
 * The rule has no condition, so it is not limited to records that concern the
 * calling user.
 * NOTE(review): if AccessHistory is the record of who viewed which Aadhaar,
 * unconditional UPDATE lets any participant rewrite another user's history.
 * Consider scoping it with a condition or restricting it to READ - confirm
 * against the transaction logic, which is not shown here.
 */
rule AccessHistoryAccess {
description: "Allow all users to update access history"
participant: "org.alpha.secureid.User"
operation: READ, UPDATE
resource: "org.alpha.secureid.AccessHistory"
action: ALLOW
}
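/**
 * Lets every User participant CREATE (i.e. submit) and READ RejectAccess
 * transactions. The description previously repeated the AccessHistory text
 * and is corrected to match the resource.
 * NOTE(review): the rule has no condition, so any check that the submitter
 * owns the affected Aadhaar has to live in the transaction logic, which is
 * not shown here - confirm.
 */
rule RejectAccessTrans {
description: "Allow all users to submit RejectAccess transactions"
participant: "org.alpha.secureid.User"
operation: CREATE, READ
resource: "org.alpha.secureid.RejectAccess"
action: ALLOW
}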
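/**
 * Lets every User participant CREATE (i.e. submit) and READ RequestAccess
 * transactions. The description previously repeated the AccessHistory text
 * and is corrected to match the resource.
 * The rule name is misspelled ("Reequest"); it is left unchanged here so that
 * anything matching on the rule name keeps working.
 */
rule ReequestAccessTrans {
description: "Allow all users to submit RequestAccess transactions"
participant: "org.alpha.secureid.User"
operation: CREATE, READ
resource: "org.alpha.secureid.RequestAccess"
action: ALLOW
}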
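/**
 * Lets every User participant CREATE (i.e. submit) and READ GrantAccess
 * transactions. The description previously repeated the AccessHistory text
 * and is corrected to match the resource.
 * NOTE(review): the rule has no condition, so nothing here ties the submitter
 * to the Aadhaar being shared. The transaction logic (not shown) has to verify
 * that the submitter is the owner; otherwise a user could grant themselves
 * access to someone else's record - confirm.
 */
rule GrantAccessTrans {
description: "Allow all users to submit GrantAccess transactions"
participant: "org.alpha.secureid.User"
operation: CREATE, READ
resource: "org.alpha.secureid.GrantAccess"
action: ALLOW
}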
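/**
 * Lets every User participant CREATE (i.e. submit) and READ ViewAadhaar
 * transactions. The description previously repeated the AccessHistory text
 * and is corrected to match the resource.
 * NOTE(review): READ has no condition, so every user can read every
 * ViewAadhaar transaction. If the transaction carries Aadhaar data or reveals
 * who looked at whom, consider scoping READ to the submitter - confirm against
 * the model file.
 */
rule ViewAadhaarTrans {
description: "Allow all users to submit ViewAadhaar transactions"
participant: "org.alpha.secureid.User"
operation: CREATE, READ
resource: "org.alpha.secureid.ViewAadhaar"
action: ALLOW
}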
/**
 * Grants every participant ALL operations on every resource under the
 * org.hyperledger.composer.system namespace.
 * NOTE(review): that namespace presumably also holds the historian and
 * registry records, so this lets any User read (and, with ALL, attempt to
 * modify) them. Confirm whether a narrower operation set is enough for
 * ordinary users.
 */
rule SystemACL {
description: "System ACL to permit all access"
participant: "org.hyperledger.composer.system.Participant"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
/**
 * Grants NetworkAdmin participants ALL operations on the resource pattern
 * "**", with no condition.
 * NOTE(review): this covers the Aadhaar assets and User records governed by
 * the rules above, so an admin identity bypasses the grantedUsers check -
 * confirm that admin identities are reserved for deployment and maintenance.
 */
rule NetworkAdminUser {
description: "Grant business network administrators full access to user resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "**"
action: ALLOW
}
/**
 * Grants NetworkAdmin participants ALL operations on every resource under the
 * org.hyperledger.composer.system namespace, with no condition.
 */
rule NetworkAdminSystem {
description: "Grant business network administrators full access to system resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}