# User Permissions

## Domains
The following domains are used within a Bayware network.
| Domain Type | Description |
|---|---|
| Administrative | Responsible for all platform administration |
| Infrastructure | Responsible for tasks within the switching domain at the Bayware Engines |
| User | Responsible for tasks within the workload domain at the Bayware Agents |
## System Roles
System roles are globally unique. By default, six system roles are created at the time of controller installation.
| Role Name | Administrative domain | Infrastructure domain | User domain |
|---|---|---|---|
| systemAdmin | ✔ | ✖ | ✖ |
| userDomainAdmin | ✖ | ✖ | ✔ |
| contractAdmin | ✖ | ✖ | ✔ |
| hostOwner | ✖ | ✖ | ✔ |
| infrDomainAdmin | ✖ | ✔ | ✖ |
| switchOwner | ✖ | ✔ | ✖ |
The system roles have the following permissions:

| System Role Permissions | systemAdmin | domainAdmin | contractAdmin | hostOwner | switchOwner |
|---|---|---|---|---|---|
| **Service Management** | | | | | |
| Install, update, delete service template | ✔ | ✖ | ✖ | ✖ | ✖ |
| **Domain Management** | | | | | |
| Create, modify, and delete user domain | ✔ | ✖ | ✖ | ✖ | ✖ |
| Assign service template to user domain | ✔ | ✖ | ✖ | ✖ | ✖ |
| Allocate pool of topic identifiers for user domain | ✔ | ✖ | ✖ | ✖ | ✖ |
| **User Management** | | | | | |
| Create, modify, and delete user | ✔ | ✔ | ✖ | ✖ | ✖ |
| Assign system role ‘systemAdmin’ to user | ✔ | ✖ | ✖ | ✖ | ✖ |
| Assign system role ‘domainAdmin’ to user | ✔ | ✔ | ✖ | ✖ | ✖ |
| Assign system role ‘topicAdmin’ to user | ✖ | ✔ | ✖ | ✖ | ✖ |
| Assign system role ‘topicViewer’ to user | ✖ | ✔ | ✖ | ✖ | ✖ |
| Assign system role ‘hostOwner’ to user | ✖ | ✔ | ✖ | ✖ | ✖ |
| Assign system role ‘switchOwner’ to user | ✖ | ✔ | ✖ | ✖ | ✖ |
| **Topic Management** | | | | | |
| Create, modify, and delete topic | ✖ | ✔ | ✖ | ✖ | ✖ |
| Assign group identifier to topic | ✖ | ✔ | ✖ | ✖ | ✖ |
| Assign service template to topic | ✖ | ✔ | ✖ | ✖ | ✖ |
| Assign user with the system role ‘topicAdmin’ to manage topic | ✖ | ✔ | ✖ | ✖ | ✖ |
| Create, modify, and delete topic role by configuring service role | ✖ | ✔ | ✔ | ✖ | ✖ |
| Assign topic role to user with system role ‘hostOwner’ or ‘topicViewer’ | ✖ | ✔ | ✔ | ✖ | ✖ |
| **Topic Operations** | | | | | |
| Receive topic role initial configuration (service role, group identifier, expire time, etc.) | ✖ | ✖ | ✖ | ✔ | ✖ |
| Receive service token (auth) and authorization tag | ✖ | ✖ | ✖ | ✔ | ✖ |
| Receive path | ✖ | ✖ | ✖ | ✔ | ✖ |
| Receive program data set | ✖ | ✖ | ✖ | ✔ | ✖ |
| Receive instruction set | ✖ | ✖ | ✖ | ✔ | ✖ |
| **Node Operations** | | | | | |
| Receive network node initial configuration (controller’s certificate, domain, etc.) | ✖ | ✖ | ✖ | ✔ | ✔ |
| Receive network token | ✖ | ✖ | ✖ | ✔ | ✔ |
| Register host | ✖ | ✖ | ✖ | ✔ | ✖ |
| Register switch | ✖ | ✖ | ✖ | ✖ | ✔ |
| Register connection | ✖ | ✖ | ✖ | ✔ | ✔ |
| Register endpoint (socket with topic role) | ✖ | ✖ | ✖ | ✔ | ✖ |
| Receive switch and connection tags | ✖ | ✖ | ✖ | ✖ | ✔ |
| Receive topic policy | ✖ | ✖ | ✖ | ✖ | ✔ |
| Publish usage data (per flow) | ✖ | ✖ | ✖ | ✔ | ✔ |
| Publish performance data (per connection and interface) | ✖ | ✖ | ✖ | ✖ | ✔ |
| Publish fault and performance alerts (on memory, processor, and queue load) | ✖ | ✖ | ✖ | ✖ | ✔ |