diff options
Diffstat (limited to 'controller-api/src')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java | 5 | ||||
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index ecf3d29bc1a..ad739d16ff8 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -102,6 +102,11 @@ enum Policy { .on(PathGroup.tenantKeys, PathGroup.applicationKeys) .in(SystemName.all())), + /** Access to revoke keys from the tenant */ + keyRevokal(Privilege.grant(Action.delete) + .on(PathGroup.tenantKeys, PathGroup.applicationKeys) + .in(SystemName.all())), + /** Full access to application development deployments. */ developmentDeployment(Privilege.grant(Action.all()) .on(PathGroup.developmentDeployment, PathGroup.developmentRestart) diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index 3b861c607b1..40903b02465 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -63,6 +63,7 @@ public enum RoleDefinition { Policy.tenantManager, Policy.tenantDelete, Policy.applicationManager, + Policy.keyRevokal, Policy.paymentInstrumentRead, Policy.paymentInstrumentUpdate, Policy.paymentInstrumentDelete, |