json.schema.entity.policies.accessControl.resourcePermission.json Maven / Gradle / Ivy
{
"$id": "https://open-metadata.org/schema/entity/policies/accessControl/ResourcePermission.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "ResourcePermission",
"description": "A set of permissions for a user that shows what operation is denied, allowed, or not allowed for all the resources.",
"javaType": "org.openmetadata.schema.type.ResourcePermission",
"type": "object",
"definitions": {
"permission": {
"type": "object",
"javaType": "org.openmetadata.schema.type.Permission",
"properties": {
"operation": {
"description": "Operation names related to the `resource`.",
"$ref": "resourceDescriptor.json#/definitions/operation"
},
"access": {
"description": "Access decided after evaluating rules in a policy. Note the access is defined in the order of precedence.",
"type": "string",
"enum": [
"deny",
"allow",
"conditionalDeny",
"conditionalAllow",
"notAllow"
]
},
"rule": {
"description": "Rule that matches the resource and the operation that decided the `access` as `allow` or `deny`. When no rule matches, the `access` is set to `notAllow`. When access can't be determined because all information required to match the `condition` in the rule, `access` is set to `conditional`.",
"$ref": "rule.json"
},
"policy": {
"description": "Name of the policy where the `rule` is from.",
"type": "string"
},
"role": {
"description": "Name of the role where the `policy` is from. If this is not role based policy, `role` is set to null",
"type": "string"
}
},
"additionalProperties": false
}
},
"properties": {
"resource": {
"description": "Name of the resource",
"type": "string"
},
"permissions": {
"description": "Permissions for a `resource`.",
"type": "array",
"items": {
"$ref": "#/definitions/permission"
}
}
},
"additionalProperties": false,
"required": ["resource", "permissions"]
}