jupyterhub/docs/source/rbac/scope-table.md
2025-02-19 08:04:13 +00:00

Table 1. Available scopes and their hierarchy

| Scope | Grants permission to: |
| --- | --- |
| `(no_scope)` | Identify the owner of the requesting entity. |
| `self` | The user's own resources (metascope for users, resolves to `(no_scope)` for services). |
| `inherit` | Everything that the token-owning entity can access (metascope for tokens). |
| `admin-ui` | Access the admin page. Permission to take actions via the admin page is granted separately. |
| `admin:users` | Read, modify, create, and delete users and their authentication state, not including their servers or tokens. This is an extremely privileged scope and should be considered tantamount to superuser. |
| &nbsp;&nbsp;&nbsp;`admin:auth_state` | Read a user's authentication state. |
| &nbsp;&nbsp;&nbsp;`users` | Read and write permissions to user models (excluding servers, tokens and authentication state). |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:users` | Read user models (including the URL of the default server if it is running). |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:users:name` | Read names of users. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:users:groups` | Read users' group membership. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:users:activity` | Read time of last user activity. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`list:users` | List users, including at least their names. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:users:name` | Read names of users. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`users:activity` | Update time of last user activity. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:users:activity` | Read time of last user activity. |
| &nbsp;&nbsp;&nbsp;`read:roles:users` | Read user role assignments. |
| &nbsp;&nbsp;&nbsp;`delete:users` | Delete users. |
| `read:roles` | Read role assignments. |
| &nbsp;&nbsp;&nbsp;`read:roles:users` | Read user role assignments. |
| &nbsp;&nbsp;&nbsp;`read:roles:services` | Read service role assignments. |
| &nbsp;&nbsp;&nbsp;`read:roles:groups` | Read group role assignments. |
| `admin:servers` | Read, start, stop, create and delete user servers and their state. |
| &nbsp;&nbsp;&nbsp;`admin:server_state` | Read and write users' server state. |
| &nbsp;&nbsp;&nbsp;`servers` | Start and stop user servers. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:servers` | Read users' names and their server models (excluding the server state). |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:users:name` | Read names of users. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`delete:servers` | Stop and delete users' servers. |
| `tokens` | Read, write, create and delete user tokens. |
| &nbsp;&nbsp;&nbsp;`read:tokens` | Read user tokens. |
| `admin:groups` | Read and write group information, create and delete groups. |
| &nbsp;&nbsp;&nbsp;`groups` | Read and write group information, including adding/removing any users to/from groups. Note: adding users to groups may affect permissions. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:groups` | Read group models. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:groups:name` | Read group names. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`list:groups` | List groups, including at least their names. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:groups:name` | Read group names. |
| &nbsp;&nbsp;&nbsp;`read:roles:groups` | Read group role assignments. |
| &nbsp;&nbsp;&nbsp;`delete:groups` | Delete groups. |
| `admin:services` | Create, read, update, delete services, not including services defined from config files. |
| &nbsp;&nbsp;&nbsp;`list:services` | List services, including at least their names. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:services:name` | Read service names. |
| &nbsp;&nbsp;&nbsp;`read:services` | Read service models. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:services:name` | Read service names. |
| &nbsp;&nbsp;&nbsp;`read:roles:services` | Read service role assignments. |
| `read:hub` | Read detailed information about the Hub. |
| `access:services` | Access services via API or browser. |
| `shares` | Manage access to shared servers. |
| &nbsp;&nbsp;&nbsp;`access:servers` | Access user servers via API or browser. |
| &nbsp;&nbsp;&nbsp;`read:shares` | Read information about shared access to servers. |
| &nbsp;&nbsp;&nbsp;`users:shares` | Read and revoke a user's access to shared servers. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:users:shares` | Read servers shared with a user. |
| &nbsp;&nbsp;&nbsp;`groups:shares` | Read and revoke a group's access to shared servers. |
| &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`read:groups:shares` | Read servers shared with a group. |
| `proxy` | Read information about the proxy's routing table, sync the Hub with the proxy and notify the Hub about a new proxy. |
| `shutdown` | Shut down the Hub. |
| `read:metrics` | Read Prometheus metrics. |
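As an added example (not code from the JupyterHub project), the hierarchy in Table 1 transcribed into a small Python helper that expands a set of granted scopes into everything they imply, checks whether a token can use an endpoint, and lists the narrowest scopes that would grant a required one for least-privilege role design. It assumes that each scope in the table grants every scope nested beneath it; the `self`/`inherit` metascopes and scope filters (`!user=`, `!group=`) are deliberately not modelled.

```python
# Added example: scope expansion over the hierarchy in Table 1. Assumes a
# scope grants all scopes nested beneath it; metascopes (self, inherit) and
# filters are not modelled. Not JupyterHub's own implementation.
# Parent -> direct children, transcribed from Table 1.
SCOPE_TREE = {
    "admin:users": ["admin:auth_state", "users", "read:roles:users", "delete:users"],
    "users": ["read:users", "list:users", "users:activity"],
    "read:users": ["read:users:name", "read:users:groups", "read:users:activity"],
    "list:users": ["read:users:name"],
    "users:activity": ["read:users:activity"],
    "read:roles": ["read:roles:users", "read:roles:services", "read:roles:groups"],
    "admin:servers": ["admin:server_state", "servers"],
    "servers": ["read:servers", "delete:servers"],
    "read:servers": ["read:users:name"],
    "tokens": ["read:tokens"],
    "admin:groups": ["groups", "read:roles:groups", "delete:groups"],
    "groups": ["read:groups", "list:groups"],
    "read:groups": ["read:groups:name"],
    "list:groups": ["read:groups:name"],
    "admin:services": ["list:services", "read:services", "read:roles:services"],
    "list:services": ["read:services:name"],
    "read:services": ["read:services:name"],
    "shares": ["access:servers", "read:shares", "users:shares", "groups:shares"],
    "users:shares": ["read:users:shares"],
    "groups:shares": ["read:groups:shares"],
}


def expand_scopes(granted):
    """Return every scope implied by *granted* (transitive closure over the tree)."""
    expanded, todo = set(), list(granted)
    while todo:
        scope = todo.pop()
        if scope in expanded:
            continue
        expanded.add(scope)
        todo.extend(SCOPE_TREE.get(scope, ()))
    return expanded


def has_scope(granted, required):
    """True if a token holding *granted* may use an endpoint that needs *required*."""
    return required in expand_scopes(granted)


def minimal_grants(required):
    """Scopes that grant *required*, narrowest first (fewest implied scopes)."""
    grantors = [s for s in SCOPE_TREE if required in expand_scopes([s])]
    return sorted(grantors, key=lambda s: len(expand_scopes([s])))
```

When auditing a role, compare `expand_scopes(role_scopes)` against what the role's holder actually needs; `minimal_grants` shows, for instance, that `list:users` or `read:servers` suffice for reading user names where `admin:users` would be far too broad.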