Add available scopes table in docs/source/rbac/scopes.md

IvanaH8
2021-04-08 16:03:17 +02:00
parent f5bbe78dbd
commit 649524d357

@@ -78,9 +78,35 @@ The payload of an API call can be filtered both horizontally and vertically simu
## Available scopes
Table below lists all available scopes and illustrates their hierarchy.
Table below lists all available scopes and illustrates their hierarchy. Indented scopes indicate subscopes of the scope(s) above them.
_Table of scopes here_
Table 1. Available scopes and their hierarchy
| Scope name | Description |
| :--------- | :---------- |
| (no scope) | Allows for only identifying the owning entity. |
| `self` | Metascope, grants access to user's own resources; resolves to (no scope) for services. |
| `all` | Metascope, valid for tokens only. Grants access to everything that the token's owning entity can do. |
| `admin:users` | Grants read, write, create and delete access to users and their authentication state _but not their servers or tokens._ |
|    `admin:users:auth_state` | Grants access to users' authentication state only. |
|    `users` | Grants read and write permissions to users' models _apart from servers, tokens and authentication state_. |
|       `users:activity` | Grants access to read and post users' activity only. |
|       `read:users` | Read-only access to users' models _apart from servers, tokens and authentication state_. |
|          `read:users:name` | Read-only access to users' names. |
|          `read:users:groups` | Read-only access to users' groups. |
|          `read:users:activity` | Read-only access to users' activity. |
| `admin:users:servers` | Grants read, start/stop, create and delete permissions to users' servers and their state. |
|    `admin:users:server_state` | Grants access to servers' state only. |
|    `users:servers` | Allows for starting/stopping users' servers in addition to read access. _Does not include the server state_. |
|       `read:users:servers` | Read-only access to users' servers. _Does not include the server state_. |
| `users:tokens` | Grants read, write, create and delete permissions to users' tokens. |
|    `read:users:tokens` | Read-only access to users' tokens. |
| `admin:groups` | Grants read, write, create and delete access to groups. |
|    `groups` | Grants read and write permissions to groups, including adding/removing users to/from groups. |
|       `read:groups` | Read-only access to groups. |
| `read:services` | Read-only access to services. |
| `read:hub` | Read-only access to detailed information about the Hub. |
| `proxy` | Allows for obtaining information about the proxy's routing table, for syncing the Hub with proxy and notifying the Hub about a new proxy. |
| `shutdown` | Grants access to shutdown the hub. |
```{Caution}
Note that only the {ref}`horizontal filtering <horizontal-filtering-target>` can be added to scopes to customize them. \
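Review bot: The new sentence under "Available scopes" ("Indented scopes indicate subscopes of the scope(s) above them") does not say which of the rows above is the parent, so the table cannot be read as an unambiguous privilege hierarchy. For example, `read:users:activity` is indented under `read:users`, but the table does not show whether `users:activity` (described as "read and post") also includes it, and `admin:users:auth_state` and `users` sit at the same indent under `admin:users` with nothing stating that they are siblings and not nested. Since readers will use this table to decide what a token can reach, consider adding an explicit "Subscope of" column or stating the rule precisely (each indented row is included in the nearest less-indented row above it, and only that one). If the indentation in the first column is plain leading whitespace inside the cell, check the rendered page, because Markdown table cells normally trim it and the hierarchy would disappear. Minor wording in the `shutdown` row: "Grants access to shutdown the hub" should read "shut down the Hub", which also matches the capitalised "Hub" used in the `read:hub` and `proxy` rows.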