From 096b86fedc7da52b377358b83fed38d4a738fcf2 Mon Sep 17 00:00:00 2001 From: rwetherall Date: Wed, 4 Apr 2018 10:45:50 +1000 Subject: [PATCH] Role and Capability initial technical documentation. --- rm-community/documentation/README.md | 4 +- .../resource/image/CapabilitiesAndRoles.png | Bin 0 -> 27310 bytes .../extendedPermissionService.md | 0 .../security/rolesAndCapabilities.md | 41 ++++++++++++++++++ 4 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 rm-community/documentation/resource/image/CapabilitiesAndRoles.png rename rm-community/documentation/{ => security}/extendedPermissionService.md (100%) create mode 100644 rm-community/documentation/security/rolesAndCapabilities.md diff --git a/rm-community/documentation/README.md b/rm-community/documentation/README.md index b4b7911330..fba3b1f15a 100644 --- a/rm-community/documentation/README.md +++ b/rm-community/documentation/README.md @@ -17,8 +17,8 @@ * Retention Schedules and Events * Transfer and Accession * Security - * [Extended permission service](extendedPermissionService.md) - * Roles, Capabilities and Permissions + * [Extended permission service](security/extendedPermissionService.md) + * [Roles and Capabilities](security/rolesAndCapabilities.md) * Discovery * Governance Search * Legal Holds diff --git a/rm-community/documentation/resource/image/CapabilitiesAndRoles.png b/rm-community/documentation/resource/image/CapabilitiesAndRoles.png new file mode 100644 index 0000000000000000000000000000000000000000..606a7d3a73284a873c18ac9a199fa168456a2bc3 GIT binary patch literal 27310 zcmaI8by(X$6E)gW+}+(>gIj|aD^lEw2X~4~aQEUar8pGV;_lMo?oizA2Hy96cE9KT zlZPkCZ?m(zGdpwU9Kw_orBM(G5#POghw@2ALgn2%DA2oi?~~wRA@9f{p?B4>HAXlp5HG6jzZ-{t^Q75=?Wk1s;{ z4cf|wg>zQ3CA~-+D5cm+XFif=>ezAWaf};!#o?5azzQhGPcYfk~5jW@pUY9~oZsPLBN5Wum&A5xFdc#tpElZ`c(Dp`9dVZuLGii>~+V` z3c}XBjyO~Kkk1`l=w6orn+-IvYxJ#nK?+Q3Xs?TUi6}rnHa1pyoKN2gd|jwKYarLb z%(S?%4HudM7nG-C(yYMK*=9e>b;7Ha66;`E%ULsul8zZ5P?dt5Qany!x))LL!W&0C z`)xhLaRJquIUD!1fgnNlo1=@m0eWuw>$Ma#7su+i9c=c?L69!(p60rk+$F(9mT5EJ zbh9nbBPxt&GAG`lh71yV4l|k~u3$>QsL!o%_$T+)5}Ec^#)fq6k`OEEvg=-opDU** z51GwiKc`kVZCe*m@t?=Q&9SUt+ z+PJ3UN`)kT6}m^4Nm*ha1=Z=lfS95GgLq%eA_!p5a$qEhA;D{Ovxut-^k8JibrArkK9VnFQZF@&7pmCiX}{PDd_yK%CAyRufX zt36?q9?aXmzXK*H$2G%~q9*<7v(Jp$!t5s`go%3H^JqLk6EWUS3%~xD{CZ@nxg4rRa<)Wml*70$ zatCyLGMDH3@;o|Os==n(df4>PjV5Xx-SP5tQpDcz#O8Y^=M)$e#NCf);AM!YqbnLs zDm;Wny)Oc;FKm!?=m->=Gku;v`Gr+|)H|pM6&Txqfsa3MZI3E}+`&Wg;{9-a<`)Z@ zQe4)MoLWm+BUk{=cM`I4vGwexL)eIEAKY(G4KL0NYD^H&;9o~wk#i>i{81x7#i;f3 zd&eV3hnineftr+*RJ3OaIBsx55k|Qna}5Mbg^ohoXjGl=|p2N(>-Zg?j#Fh82ktE{KDyd6{RhO$w2N&P852XaKJBXVY!7Qp`Tj?fAR zSYab2W0hc9^%r{>^BakQhV9cj6=+>#B*ff(MVAa`fy{mGHm^Gs4kO#ol$4b8AVdrR z2U%>aEfpwM&cR*HS4I{cz<@5NV!&4bo3;(*-`L3KW7PcqJCjqoXS;wPlhKRBwS14D zG5zm(yY8xcM~jHEU%K8{i~YVq0cbA8ZCC+ux#_W57Cvkr!c~*W-OdfS+6U24#v{iu z!tKU1OFx4?cFx;j)ZcT;j`FZ@f@BBs5cqu|(LKFTh?8?_r%MW$pMzmU2E?K}PZOf9 z#D~I@9!hmZ$IbQ%)IhbQ_?l|CjyP5k)d=rO~|s7#Uy@~N-$wbOL>;sWVG+#+j7>QY6V@<{<9+LnWz5p`x=o;_t26ONrhCS z7$JIqbsLI7awd$P*Q(7G$&a_CP0!)hTwuaBA(g%aSMQxrxGaF*HMAS1G@Q{_>}Yha z4Fq(^=q@L6yQ|VmcC9LynC!U-7@HWCpFJ$x^tYIuoA_0%xGnxNPWg&mt0kJe z*86i`3YZSY3aUg}C|77BcdwNGo~kq>eCaZ?3h zLVgLSOnhlB*c1H(YgLU`0PG7(Mv3LkMF5AXE#kG z6p#ZWWMRz74BTWGp(R#%4!)DpXti*N_8?h8uC70eZe%QG8LU!+^OXt&wZ<@46SK2< zMa_swNrjEr>nJ~OaF=+7l5}5?J8TI*h(=*i|7lNY+`%UOLe!CS@A-G`Gx%X47;5Ug zv|lDVE%YNE&X+NfQ*OjOM)HMPltP3w{3+|h-Q3pJ46qcCN@5;7H(f;xt31{FpciMA zwSGV7Cc%QxAKEUm$L&VEQxV?xjKojhAe|1|M0nRhL+QFqDUX5@7~{)MI~MV~Uc6&% zQtsiiA71=ZJ%xgFVC+*v5PGUcrGBdV$M9kg9|WuC23W?1+>{0$C@$C*v3qA0PW`!@ zB6^hJ7Z%{+Zii;IJD1Pxfp3nB%6h_p75(^p6uSlj*^}r+wTJ*BQu|{^j^otVq3R!Q zt_$>_@}vBc8z~cY4NA{lc+l)i-^}df-^XqM@(Bd3st8}FU^-(YzmvZ z4hoBhwGJj8qLUk(XKAaYKDxL@b-jp%1yS)<)(hCbbCfhRg_5B+HEn10<5D`DB^wtP ztnqK|AqM<~B{tAJj;Kh${dvsj?(42Ps|4e%d??T??6}}lg@<3y-BYfGjj3&=g-oNG zZ3Bfh$7&f1-q*rlbb{)QNo<_)xNC88>Obp$Q=Z`%_0`GQIEb|s@UOQLH#+^#`g~)0 z#yksAZrDEcALwJYQmHs_%Z*@a&W|fi_n2sZL$ctIWAN^ zpPE{j(b=(o7;0rVj8iz1w0)Sb*Nn^c4bI-Z@~~nNPU@#7_WEL#eDC^Qd`3@ef)R1t zxVj~43BGlXumbCCAhs?E$5IyHLc~wQ5QPI9jV*0^fIN!$b{NTlhr; zrj|$T#Ml{kuww_gp>2A$w919IER65scNq(WF>hv#hT{6A7_1xH0LH=|ax0-SE#Z4W z6tH??J8oOgDr-`EJ4#H_Z6OhS8a%~=(G?xc>*WYD>K{rGW&7*n#|jB4iH}4`XjU8^ ztDC4ig~`gU4jf)zY^>M0xA_o{5~ZvTyWaI8Y5QQdyQ*&v-?pF-l!Rjn@$sS9mgsAy z>qj01#!Y~vs3=;>)}JLUH0R}D8n$=sZByx}U$$ku=Td;f^AXjAC|%bkoAdK_QD7cu zj)oDKa%2tOYyYil;VDF}DiI~{?vm;NmXW4%=qe91@R$egN0x5)&NJpxdq?QT5p*QL z*2!6nXGs1*Bd|6}3W&G3M+=@?A+x{+KrSxqTE&5O`a+R8!F`opn2~Qb(#mW89F40O z;#{r2f7;tDvUwdS9Szp4dI2udH0;u?Oinfmcd{!XZb+b9td8wAJBvqQx=t6X`y60_ zk&aQf_tHz37h8MaYbb8Ut-qc5`w~sfo&bPll~2Xtd)pz;jokZKwK1Y_yK0G$9mvvK zq`<`9ls$k<1Y`3;m8h?2f?fMUbarEqI*L`=S6=>sys6@MVTo-1V^na&5P^Tb`PZG7 z8&N3+XQ_d?L;BL8F53K7?^@aqYL(~qM)x5~O~_p%b(5hPqQozl59SL}54$-}534V> z7&fU5<^=U4S#=Gtl>gmFR82@+9b)3UYG}x5C?UZsz%|8N`1GV!b`2VbQJUFeY_K9? zqp+~iVkT$pp*$>tX4ViKQfuNP6DA4pUS6LSMMj$QjX4W2TQg~Qt3;-6sjGA-EF#qJ zTuJP!nA8bM;4Z-+tw)bgt2U8s!$nBAm^lY(dY&xb&<}O4Gb9i}B zo=2vCcL|btvA_*>YxbL*eV5=TA$ER(`DkQg#grCt~ghVm`PGx?awR?c2huXm|$C+6-od>X8(BKAVt zN+y22ZA1ZsWFO>iM4p)4FC&xFin$kPTYi`)bat5_uzqT`W;?REvvw`Og(SAGPEw8q zUCz|tHYK_g6nlNC=5mM2fa92-()N3_hZ}$M&pp(KBpvjfljgwIgTB(5XV&^_;NRU}$#YA|{2 zR*qa(SPjmZa<2;dgiL z>V-d;rG6qx^;@-aar@qi?r%q|t=9Qa+U-^VEvQP4Mk@5t)wSLzu!t)3kNwND_v7=! zN%;JaqH9P^2Ux8u#QN_pBB?1p^uF|HQj$D6H*EU`MA&^VCM zg5nL#W)1|-v zT%6EiVYf?u0mYfygyw>LMP<(~I9~hxBa9PiP#4_bqu z^un5(1+Z~((@YfPt4?GouC|OAex9HhJgK)be|@QWPw$ z(EV*P#C~1G()#O1hZ6?>JTgCFfz%sfo4vwj^^AJ2$|_NLn-ovhLd{2SE` zcD8|0Kt{8VWN~KAYRnXdI|x5Ryp6d zNd_09?T`*i6+%tZEa%CTD@V@VSW2^S9y34cGB$J+A1{WFAJ`eHwp<&-D&ld4NYR6A zMBfj`qQGu`Q?Ro{DdK(B+0h6EL*92>#v(?#@o2#DWki!-dO?>>r&}R`9zAtq3ocz; zUHQ3ele;p}ZV?Sy{o;#*@$c9@1CFv{?o8(sJ;+YUMg^y(&*DA^v(aqiH=F4`XzuSaQ0s!#U{2ut{XvUF! zun;gwat4KDEB;r?PaA_B8<(iEtu89XlDzT9tM8+816h**v z0tCH3eu!H=IwXH7ZnZ0G%JIIQH-{9#Su}6JnQ1^o(;IA-m=9VujQgl{ZVg%#q)w#{ zruLQgik(@%`Lf-FoLpiuqpyc@;%d4@4c#m1m$fP<2K2NF9=;U*6WKq>Thw>ih(!WF zXeC^;zGZ~P$@Y$pW3&Z9oVxAIgN=_AV=Mmu{RdY1$$%wHI7@VkayO zkn$Kj2Ma8f)qys@k~#9F+{qkd$M5J6$XrSE=h>p6^x6~4U@Gfxvyqx~G>DL=&~_Bo zUlNJB<&I!CUt#RY8WICWErtJu`FO7R=d@AkpvIU(;us9`lTF!@A@rVeiNCq;w$=ZX zh@G@FdP%bBjJD~VkS7qeKm3+NQ>30vXvxEP>s&&pYIA}fChAfXm|*229vCwO>y$*; zWxQWmtP+~5<%+o%4*u@zCjStUHA_`RrvcYQNy79bc)HRo-!thYyj6pwx%ShtVd+j{ z`L*`eCW1bmtz7MF>P6GnKwgfEO0z0mr$zZF?@Cf*3=1&px}+ECm;j8=G~KXAl1$>+ zGU6;r_iwmH;OKZPEib^uo5AncE=2#$t~WI9(M7&VB8Pz_9GoA9#z(mk7c_~V#Wgiy zD(v9FQrpoJl0?-$W9W^t&!IylLC^CX@)H1)0dHxx-lC{g@&T==+!oS>;}%xv(Z$6@ zXZiNq4J04(PvaPXr#3P{O`8=XnGrTbUTl?b`GU0`j6x!JBs;JrYy1z);mELwW@Vk^ zS1l&u-s~3=qz7A;OMe0IQ-Vk0A1_G|33GGmBqvx2U=+3^5HL7GqoTyUT2mri@$sBW zX_$NrUNykrm2(owuyx~f2|{?r0-#?om9m0 z)q#a)A5U@+ZdtF9ZE@!av-PAThlKb_yX_}#1Ih%P+RoC}!j(B1lnkAPo0tiH)e%OD zYQI~)kdU8}!Efau=`CW`=THoSi4e&2 za+hmWv=A_9%jD9)lOI!JBesPjgqM!0*HbPHL;thHDkX>Q&&J?>(B5hme=wt+e5f5C zf4Tr}E2FgGinmEdWbb+Pdz%cb-SDQtLS}V2NJtya`59t-vibeHYI5}yJqQ^3(uUg6 zkH&+b?Xd%UTj!{+6vH3r)qM!Q{wj@5y}RA0YwQQKy?ac;+u?;@m}V@fJoTFqC2UCh zzI|9h*`*-XaeR}*B;SP{g}eSEoTy__KsU-h2tbd^?|RP-sbGcGC**(Hq$4f>GQ4s# z!is=Epq?kqk7xd|(UYe>ccrz8tZxAPY!?7^%})p!>o z-@FfnI9*P{{yK7WQe7n@FS#j&GGY>(S)k8DmE`T z`~{k%Y(dg?Sun~ckNVwC7mV95tFLd1U5kF?p&4?N4J+no5D@8^hh7&b;$&ohx+Ze8 z{EMhXp;Yu{{qh(yVx;bUlc!j&t9~S))T!6xOU4VV_9!3mT|PF$MMf@Z8=3ok@Zv#s zcF!MM##_5~nB|Csl%m7tiQU}P)aA|{x}SLEDOB>AbZYwNQ@m{jrbVQjEbx9YHK)8yo$ z8c-y=@|%O3OpI{MZQd(-9~(d3z%xe(24|~I$2wAy#>Gk7H}nz%KAfXQaw0A?G@ed1 z=Okr4K}!DwhgPMSsfdVmx~8vdm)xN%jnMgz1v`?W%^TAx6*kQJHXa~^v5^@uE(VNo zNF@EMG7)L8{3s5ux~K?&Ze6J~44LY>ySoh*`_IqMS?_U&C;qfcd{V{;C(OSsRBlHu z9Ec=EXiyIp`eNIuS-Z=5KJxHwNMNRwS<=Ft`(UI`XlsFTNme_?!Kd7GU}mpjk2!0O z;HI#-)?G9_JX~47{E$ODEziPDU!U~fYKL8T#oXf(>7+ArkHgRM^1__DfcuQL6n08P zjdJ+J=T4tUvSwln8V~G@)PNj(X;B)r zzi6Z+_@r4k%!(-3*kpv|FO#9-o44eQ_x@9=i-K0@T5BYhR7B>@j+mp-5vdDD{Twat z!!kX4ue7(DLfQmpK6SF@V921~ULvk%gEM5XMYXGqh-#-7%Ju}Xam${CUq~!Wxz-nJ z?Db@<$rtMr6d$u)X$@QTeIa2pXa~RmFRIb|C5f}gVgYd!WWpW*N-C}~q%@gJI`8u7hWW@@tzK$keeyYc zZ}jRRv5#_SM1-e8duC?l@x51`bY5&sSC?3p!^-cA-EoEfPd|R0-2HZp{&{PQq>Pu1 zq{Cse0GO^1qDJqB*Peb5w3wnMMW0H5Rv3906Z`TKt)8jz-@Z^f`^l)qFjnKH5BHz7 zzCNE5C8%zmb&&^iz7n$Lf$y5v+Q*U1A?UxBmUOdh7X0`W#byK!1#Jk#<|L)+@|hsF zHzWZdrUezL3H{-vkXZC@GS9A*l=^ut$mY7824Y#M)6l41_`HqIZ>3qic-QvOV_&qL z(KUu$J2WI~Vs8Ge_cM~^NzYf4JzA6YYo;N;jTsvFEHC_~d)_D9#-Nm{$-l0@7G&pU z{J@Y*&icwUF>RSXSg6v7e{$O1E8zUOWvwcknTcyYsGc@^-WS$RZ-NqHE0=VuTosVWC2 zS2`;>vW`A#e3SOk62$cuSD>boMoh!fO@5qWC~sT&&dtS^Z*-#8oXG;J>HHc%CdwK9 zS%DXE0Xu`Utq}m?LP5`NrFVmA8!7}SuDJ4>xshI~ zi^~Zcd=aZH54w$`!3_dP>WC64bY~soxV;uDv5J@gVMbE@o`0bh@Yl0Ecmhu%$}_N(!PG#)b@Z`o`8&E+)0{+3otpp76orPF(e!C9e6}c7 z_v7*!j~f1DBpBLZB5SB$$8F4e(DLei9WIL?xqJPt||!uCvz@OO3w$XV?;41ZKG z1bwmZAMPpk4)IN}xrvpUo(X)G0kA%Vn+~qW5n)z}>%clv$z5E^+fpi!ehk%ugAG|w ztP4RgK+`UVWf&Ga6O*78f$#AW$FihU`L2f8)RZl@{@?|C*}=0eRgUUn`psc2-M^?k zdcim7tL+kwQ0Zjub1#9H4R&pHNLHSr`QuA6nggvP)bnv3c<9dH_Vy()=b#NEb+)c( zHl0$x&BIhc{pI)2PBmJYX z>RTK10tDJGCT0aGF4)DY7-nOqp%>I6Te!Ny?}Hc_l(T-}8A}kc{KS)DiDvG|gI@gXPXU?5-5g@XIEm?w}z4G~T#WaR_vF zA%mN~GFYd&J6G+dZ%d5`qt1x&-b(HCZio8cb1S-jyeOp)i&)U#5I8vY6|Jc8hR0w} zx}7cqz{E9LU-87p1W=QA6O0Dp(AnkfrMiYy=_8dxAvKvO+hxEO5B9~JT~G6!L6=Tp z?*v)prsRsl2s`3JaiDdg#@6QJw>Aok4;+SCi4LnpIoWfKD66wFY~J%;))Jw{g|#=I z0|zGRl6;>I4PF5z!rh#>e+(c;8e3}=Z_ibQBsekLzV%%qm|~A^zQWvle%tKDFq&L_ zI~%gC0+hbs5y##U74E>n0n(qp-!m?P>A# zld1NjsFFWM1>fn7&C>3~{41I@f1e6rBmfW__kKd5drPlcoFr{PA5Q}1CqNu`_O{|Y z!H|G_fExn-Ek??rJwWn^R|A9s2|A|#t;npm*@*S%7Cg7RsU^K;>?X%bz5AN`|xivN|r)LEJ*qB~`P z`u~K{&zY2b?C9EOKAc zIDYn!+{tH&pNm6s&~dkk`)GU@HrSt@Catj{<;-5Y-~+$fh(wip97y zy{IUj_9#B_7~aj?=1P5gtk7Iur^8ia(T&k@D$3H4p@(~61jTjiF9ngjbWlg0DOX>ns1e}f1pQe+-nEj zhwNW2U73;4B<(a1;(xJ$yYl1o3#3OgH6w`$!&c>cjZo+X8s3Q)5qBCVa1oqRx{JU@ z3HnKUOpdps?~9Ihp|jz+U6RCv_6X8*Fa;?)L8t_93SH4Uz9Kj2grGyR{|~g^^F^$Q z6RzJEKj0%T-fiHBtwcNKqWu2OmK5$^RUnt$?{Gp-o9 z5QlSnj#j;A&6T1b?^tUA2%OJwrGB0SBntd6h`YO30kG1VQ$e(x*( zyP*yi>J=)O-B6jiWF~xTlPp zUx5!B5o~TBWo|HP@5|_KAyE6^0v8lPU8ZL*=Xi$8e6u+VYkOrZ&TRjBkma&j7BDVg z&L{LnSvP}4ax^Owy4kk$$Jh@pZDDSN7GbX9H>BPbUs@iE`;lh*3ZXZ8&M+3`jqI(6{G!h$o{XcR^yd@Z?3m`fG<X)M!c!xh9 z4>v-pJ)I_&9CdG?QXe#o#C*|;)hrwDQM(#XFzvUsm?RCi8J8B$a71oy0wdHv;Gv0L zA`wK)mtw`<@0r5MrQx3fENI0vp2IntDIumq8kqGMfPuos){>5H9jH_>#Gd#WJl9J9 zB4Qv{&S?)esGvQi$pX%mhMJth5YP2rsPyAMr-8wau*R@|N=@>=qaSck&S^Brt(@R% z8NVT?;)G>K#)Q3`!O8EJ1`QcgqKcGQF<9I$hN8x<2|0`88E>GscyrCMWCyMLSn^qj z^!JsOpqen7e%UHmyR6$S{_#2|$iyJrORVI-|0TbK@XV41_R^89tI_FhB_#rx1SFP-juG7VVu*Bq{W3E}FGRJD$9l5Sj$!aY*(OEc6R>=7WkAt4VL|0dr{7L73 znt;v8Io!IU2D#)He0g}0lD=p^r*WYhuTZ*Mqof_UI|wsfyw&4#)CyU^zdWd~MKLbM zdNMeLodvu%t0(>&_9>^SL065{on$H}^d@y6`pW*3vw+-djukU42}NH#od-yA^-6i+ z*BfNh#Gvmqmh=cXA}BfCngUwi`H=1~M|b(x!qHC;7q{U>D0k1T%Qh`N>cW`s7@lr* zyBV>+vKPehvcz+9>uf@MR@rXH`q75j!sK&M?--Od>sd(HdW@atLs1<28>#O4{@8q+ zO_1Yj-1Zzv|Ans%H+A~a`Xe%&xoy{J?s|%-6aM4!61$r!Z3!dU+Lsw*~bjYu+bC76GDHmh)qL7lZl&}nras{GxH@~ zQbk22WaGF02i>^O%}qI}Rsq0}v?0etY`pxx`pPQ7Lunp-M$s+Xl<%bx7fKB}0)7=X zmgsUgOV=wKM}q6y$f$3)QNU(y;Q{%x_SI=;oa8U3_@IpBb(N^zsQZV|eKsIbGyY<| zU4M+uobfjA=ESNVOwu9!(a=xsAw!&hebIpt%4uz|QGI{E8h|op_I}Y5d?q{Ug|EX+ zh!N!t%hyc^qR&5d_elq1YK2&pE|a5#0_)qaY_MmRfVHtbNg7Ieo*#%lsM*KEQt>R_ zGLq4dOB_cw?G7os^WswJWstk0bnR7lp3d?Cm(4Nakq%Ce{z7kFM>gEWbcgS`5f3v; zjE#LQUJfxHtk<;G7sB+3Cw!u+%#Dwh5;*KR$WexiW3ddU5Dy0Q`@TG^;#S+QiX+Z*Xh>MHlAq+k(32LCKMju1;@YD1J|0 zABBkih@@a-M3a$z3h9mUy||-Jl$F@TC0dnnD4~9w7KMBkfg$n2zoLDXGP+N<{1(#*e z4Kz7Jhp@i*3m_8iQ%gv#;6in~H7F5{^ZPz5uF7+`9DMO1M}R43GS(`db1>y0jOT*32<_~?)1z&WTU~BvVR+a+q zrdQDgCqKmdLUWc}(#xh<4k>C0zHgQ`$=U1jYLpA8dKy!uM$kf1_)X;RPj5l$u<_YZ*Aolwft%zGvilajclWo2a}KsJ0|GGdrFpKey|P-zC^ z?tHWs?Ks>!7$D%>DudZ*+AOicBBp3bx>)W0!(M)j{Db|$41>=pq}4f0h8&R)nGanq zU{kF;A@y}Nffqgv!u3m2F@qHn<-i%6`dHSkvLLi>P%+#;5A(k7A*wrQHsDSMsLHw2E>QZ1Q&j zabdvw7{-)m;M#{}^6g=lv$gT+!4-azm=7_Jn=~tWi(MFX=rw*O2jk-eVb-fuH5*s4np=D8= zdZCgF@){W&zQhGgPhPOsG;n>goiDY zQ7Q^SiRfDN?;68n|H&0&ezyRX&p3YRk)n5Xm82wolBvx%{>?yXmnC$Jxl`SKjd` zJfJIT9UCSZ+P!aX!!`@SOCCB*TDHc+Oc4G!qy=k(jwLtGp83iq#|FSqsK4VzNQ>ou z{R|y3Eufls#|y$3MnimMxzmH9`@Fb+6gP>#ekulZViz0YLwh5lV*?6F@Oc(!AaBcj zLkEaoaV<5uL5s2?Nox+gyL9~KpKjm_9g`M(l83h5RSxyVCC>8SPIpFhNyr;n9dV&0 zpH2GuC%ycsMn~c2bm)%iL;DRy1ZPB1cIg;WH8@n%woRxF_l!6D zjSLSXj=p{3HqYynrnaH~FA5a(&Umwx`>^f|$mHOa+j9oh8VQ68yiQh3CdiljrkBNppZ1cKC1#*xoFN&$uYsCgM zJ*2d|QH$7XHVI)=YudhPO@<(h{2gA2+hPG$^QiUeON}oKGZP~kPL8Di5ehJY?mb2G zDz{9yfU0+r>%rhd+o~nl*Pq2^1#yL6m9CLy?tuH;Aq@KT3@;siGDHVs zsVMYwTVvOI-6K@BMVSd|S)~`0Nk{Ry6Sk$8m?<`%@21Q;x04p|mpfh$Hh1DUyipepVsLx2iD;vvZU{)*ifXzi|;tPD} zfRfj=vlDPr?7f(bGzXjC^4!Z>i1SS-ehij#8iP>v!JQkI(36&$%JzR?>4!cnhu2Ii$xhz@R#prg-6#0ja8F zqzQyQE_H(BXC$red53KwZe$gfi_PmQAJnnn5r*91KxEJJgLw3i{VIvRG2I`@{PWuB z3iOe%GqJhKlmp!hjkCgL>OG>65LwjV^PHTEj1LyNQ@I33A@9iHE5)3mUgSsZcMhyl z-X?GYWEthQWS9OD-e0$;Gol4DM|O|%A}U=4JIIP(IW37aV9ANK<#<><{P=1;z^u_j z%sspg50O;Cf1jpJ+ey}XjuM51P-L}!aU~k)`@d6r*!jeFLl|x$$4l;d10oV&2TK)aK4>8cy&6piYyA^y5P6g)0GJ4QxAwycmjbl=dVVlUK=Yg*Z40N4|8HJCJ zdst3WY3d+t-0JNZF-Uwe^HG0AV2Ihwi|qSGe$k+&N0{-aCU=-2P+UteBYwq=LfBPcvMW877RsCIZ^DZ=&l=-brrv)jVY9`;AcYGF{{*oP< z)QUh6-N%_e4w;Cs<^-j1CZvXDWva-j_=OriU!W@n?*P~#cq*z_3XCPC2OYL0CIg-H zk|r4-$f$4VYzqQ~Y^OGEd1)nMwy1BrLL~;7@1sL{cYl9B_R7kND}wU-oc|D`al-@+s#aJl=#u;|jL`1zaor>3Ul<1#asi6tc^Cl0S39bLGAi#TPi{Gcb} ze~aFzX(=b26wqR!m>AP6&C^4U6r8eh(3d^8m(!me{w?wQbT)_Q=;>@CCFO}oWZgd3 zJPliiVv%#12cpv$mB)E#jOEoyPl(*E1?+%67mWyw{8BGfFX!xyB;ZQR-?#hj+kpG@ zaAOw@Y09K-=vCU0`P>>hJwBcI+C>*FzMLm_0HifFHJ!Z9dhv>?dbz)=AvVYU9|%I~ z2`)u}wDG)01rwVQA~LeI4@toV2U}0O-Kq#_Yz5{2DRTM!`z9QHsvEL3hb2)nKjc#( zwv)p&)_4oUnU|QmGTC_o?;NQJ*jzuJIr8rIk#3UoJvNeF{XV+N^f*k^4 z2;uJ-y%tu^GYCAg8LH2Y`y^bTsDr*X$BTTyL)tt0XlXVEQH~*7Ma{Gr;X)uOAQcG) zz)6E^Pf1lPI)1|ldyz?YNJ&c-?E{w?1=lud1?8lq&0jmDw5y2K0s=h{-f`Yg1iSBuc)igI>SVO!FP`=nRbM%k$G~ z_eEPq1|AJU5`;WlUiDoP3ke<~$9kO-L~Qo4j9cXdQ42EG8;OvjK!+-PHVr9_-c0V5 z)A**JgEL}@D7ut72n!2)9WD(-`}tMRC3fTo%CKbxPvDTJZoxVi8EacZiJ>AZGDISdjLE1oC9uS`(Lt?FqA8F@zP;Pr>919J9};;SEr zMNS=@f~5`-PyEI?j1DlZg|mXX1Y8B^0@0-@)a@a2(_H@qnOiL>1qjl6{T!l>_w3X^d)1$71X+QimqJw#3*jLaYP{~jjvMe{EdcG7)R`B^#4r3odlZ`* zhj8RsH|CK_b*&7wuOh^kFwL6%_wNG8+?)yX(*350eyTz&=|Kgndt6)P=O~D6I5`1J z`|^c1bCn_7Xrawjl%xTXOBUFspE*g438>JCif~Pt5w8=?a~cMwoqMmRAJIm|qoRs|IW%#ecumO3H_v9Wm} znP1uWEdTr%r5Mv(LTQq%AMGEHYmBztozoFP_E0?OIcx(Ml}eBsGb&OKV4y=ZoLH6~ zAxEfiy59UP^sP8xBQ}3C9U`8s@8OInD)=AAK&^-s(rBb79^py{n9)m2ePNlQKyWKy z>PsaUQwsU_`=qFb$OHT75v6rT9R1~^-Te#PnRw23z=Vt?vVt2l>mx)8y9hb6w7BSR zyx4R^?b+TSDWH`u^4IH|4b}CD66wt~RbhxER3eAElj)Xe1O+W9TN|dsE`GB1RQ1K4 zPHd(REm#0rkWA&(a?)4J1OH>WH7m&P-;H+)yBEsTut7Gr8T})H(?hVKZ^cTjHrMVg z8a~z@EM7MHNYoRId*#SKwqSlZ+1DCbB!m}%qQ^GWsBQ;L8$N#x4N+WQ*mKx26b0UP zkB*Xcn@LfeDKbb~LwMvG6DzktvD>_#uaisT(&PR1a1zk>j$(os*nS@nLSm6l1p~gV>wQ)^6Tb^nvDCLaHY}? z7{X1>K9ifmf<8W8P17ZYzW|$eoQ3k;36?ZELxjpl(f{>n2;&zZPBG?njF8kXanz{y zylYf9BzS9)hy*Z3+l*;&OMd3r4v2NPG8ap~=FL(=(o zbA&$yIU~$I1G!$iOWF~GVdL7!<_ApYu?YtA84y{4?R?!3%4^&5PqoNupY8Y8aJ@wBP;sS6J}v~*h&Hfwh^{HoE~fpy7d|%rVTcPGgdXDsBjhI`1aNS5(^bW*WxNPnLMHcMfJ{bW7!|E zbSF4Isb-|Cqa-z>6;;d!CT)6(Pbv1DiH65ExkCdWIaxV>&;t(VR!K`J$vza_AX0!- zjAT_MtYTk3i!7_(7`<{Y1JZ;XO(5$#aWUBZ2IantjEuA8%2|4=a(hpO_t6UMw*B<4X-m?Qp4E9K5N49if=P^$bXWP;KBLbY#^_BT|5v%fu z{~%SI>zEzICFwCOGP4u`tkRAk_~95kqrH9|DMYO}^^t@yBtyH&{pC;~H>Cv~U}tAH zef9$B=G<;WII@t$gZjG`pt|dqCqkO?4@V;o8OQ$CL=~i;amtPs+*0F;V(qMG57H&; zLQl?4W<#;Q_{IS35k*#Un?Bk69Pem83Q#a5wZd#|>|(IJw8TA5*_A!m;}R%j<1E&6 z$=p6?$-XZ`n5V{7GL#~0`aDGTx| zt!RVrmyx`|D|bFVAktOx!)bvCTy?pJEiSFpk0R!unds2P9$pYsxT#CR~DTRM81hX8C-=+mT8v+~4c(5IAxGO3PJ1<3zx zz{cUt!zi02eDS5a&J>ENo%zLAWy)P&7#0N2DXW6VJpyz(49GQrrTVQl0-XNZRSlI` ztKO(*5IH>!k$2s>IbqzGN&a%;_(lObX}ihVzl|a0k2iqmMIbk;v@uHrE&%}q$0`R- zm5>&aU$=ze9~~lpT14tLd-Tiv8AHTn*5|pWPk#8DGZOVOFvJ(WNV2SZiK4rTrWCP8 zH=uu)hteyS_r9Vz(orj>=HW-Rw-%q6XNy>T#ySyp^xkD&Fi!5h%96rDB!BngTG`dd zj|Q8*YOI=W)l-e->WB?Q*_(6Maro^Fzf1=i1o52Sh&GVK27Q=0ZEv2zD zr0GLUU9<2-2ceR)rGTzC-Pb4oO}_dUy0X+MJi?A385WCOtZyp+!-=6Vv;dF`E&`A3 zU+r!-k4@S>e-O1ZoQWO<=f9o z2Fd&EqQ1ZTx%b~^pE)yg@_WuabGFgv;)F?1tKaN)b3VUTf0Y<_cQJ4>iQ*^*cfHUwyl<&L- zUi92%sqxZQAC1Henr=|LVdFxDK&V$)C}a87Bd#M73V2P(nVSxv4hE5n`a!^61~;-z z>U|&@IjLW4aFeh)0CO|^LBs4#;J^v+%Z~sIVib?Mqxc86^P3K-5}vQxU*y;#0T2X=1b=ZZjy-K`Y%B*Up3~iM z841TPe@+!q+Z~3qTH3__hkz0I;GqBeL1b}HW@y{mwxoJ!$j*)(^;2w+j+R#9FA+Du zbliZuTL5^ixgPdqwQZ!lUs2Ir3>gTpvx&%FfOnr03z;{}h{)WLYNn`0?5k zN_TcNZ3UQo@(7E);D)$m(NUX8l@4Sb9$J2oNK6dnHit# zU}cL}V-A?juGN$2Xl^K9{apNdK5V24p93;OnFl)1n#Dt@zvY(7-v`TlKrzOq}Ty#MQv(?f4T4d%>0=1 zT~TBgl91@=Xjb6cgH58jxw&30tC7OxL>}`f)`a`dCn%Sz8Wq@e%JUv7rw9&Ec6N65 z#wH|~g>7tXEVJCZ=dWJ`oR|aoQyLONXVQj^zpi3{wI%qsxmEowNnG2;dnBVL|8yJK z?0oYs#C-(WZ6qg=%UH&d_o8?2|LQkVKWrFP$$25*$ln<4}<{&&)zJnA`$ z8R-vWLI`R2X|5O*60Ti?%3t}EN4aB#T=THb0LAM+x%RxlKi#`Vi9l39kt|b&!7wnD z==_Lh+#+>8*9j0-<34vJ-x5zWZ-=wnA>YhpNvp zJgi8xS{3FbYOJ@mX~cJPInoXEam2z5J`$!u?WKej8R72F*VNRA%vZ?5U|*yOOi13R z5qu(f)mc!*z`w<89U0d2RUUmdN3EGh805Q3RdrQc0I`e5qGg(NU_PjZETPAD%X!f> z;?@xn#l#fj3N0)^d>5f%I#cE%wl9C-cM9ARIM{S=h{ByPfA5U~B9c8Qmt!-Or%F;T z^IvTw>BE~vk42hyXy(qGE+XYYg&myacs4XXZw~u^Ma0&SQmefh*uzh4;C^hZsu4`V4Ac zT!c>wQZ-_QFZX==IHullFYmW{^`Z`mURdjwx%#Y2f}4G^F!`v{GW%i`qf$GjKM7cN%AP07bGNJv`@9eTQYt4}j)ScPS5~jwV`?@WQynj~` zlx{Em)Td9})5+u(Mt5KA@Lj2d;TumG3OLZ>o4hUuMSC26e3dNrZ~w9>=dD$AUMRBR zQXZW8bLYos+#29d`0gcR_{rR4XE zUMbs2^?wf#JbA`@WQ!}?@sxR$9iuwPeBSj#pQ7oEaeX)zsRx-NZVCaR6+SQjO+;@| zP%V4oavQ%Q7(=jkI-+BT!VdTt_;6J!(FFao?Ws73UMx_y)!-`lhM=X>j*uRr?MGQ+ z!LuVJyS9y9RfL!)uC!+3tK{^6_OCdUg2m|J!p_D0f`;3vTYgL#Cnvm!smw`9CmFa5 zW>T0+(+lRW942H&Z&tL0Rk3@kpO|Ps?Zw)N{hwi!Ms|7jo$imut#8r01b-;?JxU}2 zBUl&Sj1f;kJZeaK`|7sqh_dVPrpVzi7_6v&l7vG<r9q5wb_%V{vH<=Ez)5FPqloP#%PqL9NyGI^fNpaquGJY z$JS?joiA%O@$_7M$MmxVNQqG@nVP}5R51-3DEi7HhdZls*8LbbS7B>%~}Ls6T<9d732mR2wz3QuHgURIOgg zubUJcG+9Ri@>(sNG@}fN6WPm^`@aNKh#s+eF$=KF`9gr#SL|I z`KoOkuqpB#gEK?U9e>~p)~7R1O9_cL*cfMr9fb+Ked@l)Y$u2jt+(1io*_(0D)+0$ z&tH$$X@^GeB^39cG0YE9q=>qsy{M{RSqRnKT_0TheD+qNyji@?tdy9ZiZkRPWpBCd8AU+5buM(fwj3rk zSff?768*KbcE-F>)YDN9mC>w8b2EEPnkqQD`rgc>5|tCtH7JAml(n2|@N&X%wX$K~ zb5|yrUlMiQzaNy^MnuCA-O^m2k+{Xea%LNZ*hup`+9@W(=;o*%___bQg5-S*y8`~f zR#~z2Z%Q{Ewkt6XEKGcvpOG#vg~IojiZnfiZmByxiXa>hk7J!#cx(n$-ku3A`Yaq$ z(%x|8o(^2v^jz-qZHu75WcKdzsf}zx#(MLk{0$-vkDiu% zqd52H<7I_$V-+6!OygD=5Suwj@y!+Lp=83{P9+t4K2ba#5o?1bZYnnVKKjPm!=?;9 zUBtewd2{asQIsefk5QhC z(`ih~pX6vS$k-UU56M?<`{xxpBzjCC~80-LR$SS=aSG|08)?nXLoxv|S4GQ19Y5?GDA5t$o zZXepBP36LehllZajnW|y2>#pY9QYcY1QwL5AAvx~h&PqL+-|(O)a8?QbafSIECM=e z?RQfzi|Yc7=8(3&>YT@wBQrkvNZL64ddP?3;^O;${ANAmi~aXkCh3te;tNouxCDm0!*XmJFHhOfBT=66n{;aCufx;(exzVO9N_$24w-AqI4l?H|mE&j46 z3oxWZJQXZxy+t~3FX)Qf7yIgWpD$|F7a#P|ZOT;!$l)j@tcvmw@EZ{RN9hqj$z^k* zRXl5ypd9(-;PQ4;bF&{(PP|WQRR#d%HEwWa{<{rWYG%Ib$ipANcdg{`7NoSG%9b&a zZLCmqn-g@Kqm6OYEY0a{WAKzru71=KURD6>b5we*BKhiu=V=(O!r z?QqF64Gn_vgt)lRT$T4*doP1fGsz8w4@V`i>KrFhb}6Nj=Ox-7ZW9#b8L@8Hv*KWSMIb$RO3BOgQvfP31(?qt&ksCz5t8 z6+=+^T32xf0fp8-4!f2?1Rw(liq*l|z+td#O8%7!iW)u2 z!5DEqgjyD_;Nq#Qoc=awQ{h|TBvY-i>Ad$)*ZKMNkHz*Q=j7&68yW6#f>txUm5Huv zkR)}4(3{~UhTHNcq#DhF za>EP)mk~I!N>>YoHf2*g#A`BI8B5E{N!yF**UA7Z8Z`?>OVQaP*i~UxKiY}@;{QWJ z&;{3b4Mr21W3!g*%_BV*&;xe%I$k>#~D%jvc#s&iPb6geP8CxesL0=*JM+!)IH`=6YgoiPB&EM8YeMyA~dxJf~d z7wps6@H8oykEd!*C;sO`Sz)6i*wLS8r-LP9V-M=~;PKbE`!kw6TQs1iAu53<`>&(r zJU)L3-oB^D9`A969Uz3gLd!B2`}@=prAB^5JU^#}Ad=Cc@2D#)Pt(@F@_rvXa=f_l zdH1#9i7lfOIuzb4_uG5NmMa}AskT0cd zw9{Gp&S;;itI1tlT&T_tESa8?d4+G%sn0DhhCY08cm8w6rcwv~$)UsDpKmU;HwGxSSNNPGJY`c!akOWRGqw;JeoW}a+J)uT;oprtT44rIgL(5>TEgC4oDM*yGb3l(>$ zgUlj{kESiY7UiNFGLC(F;6y{a|et+CyQ$OuOqXt@HmFTx5qs=eG46>(@0DBi-_N!8!o!(Vu_6lfeVZcdd7r*l+ z!o22emfpia#a3!PNpg_q?ss*4HcklRu@RSiam&d2Nci{2r}}*qx<#XvqRRJVAIFeR zV9GCl%SKrz9qlvyc3YYPYG#~O;Za(;M$0ET>JHxb>6vjZ@Obg{7;N!Ql?Er#KZ&#q zbz3~u)J*ox(f7~t_9Y@F?)5$16OS8+si3I*iUC{Vt4Q@Sgt-Lr1@2<+DmYR%Jf-j9 z+H+}Nv90yIvE@(YlFiHj%Wd_~=9aVRdlp|w@@P{y#dF$URyIex|7A->+xL*df|$yu zp~b(=?YA@cw5I6w@?wM}YiPUh{f+NBY_%JgKJ3?d5(~`~&V_objjklR67-?$TS}aN zHWy!cYF?4BNGab-L(K8&YhGrIHq54rFy22VG=e|uk#f28nTSev}%gd7mk`{ zu1(V^l2{jCyhi4c=Q7eyk+5GvUCK zrl*H{ESkbeTg~47dp?J*rd54~4<5&?vQ_e6?X>JDbfN%ViAwI`6({q}1Y$Bn&msN5 zGog2*Q5Jef3^R8#Hs;mFEZBDk_T(sk-U<5^wU({=oJJ%3e6MMbbja;-uEcegFGq$-XWFVA_pB@?WkHdA!)^lxEe5?m9$_azjW$Cbd4`vbf_V2^ zJ;EDhhcY|K&5ff$JfnukD~_BN_K(*qy0R@7Q>}%7#I^lR3}fOFRfJ+zb!R zRss~xKE>&20nYg?O@9`IAvMD9wP%4AR?FUL)plX*$Z4#?Z)r-=R?1GPvyAVlpzGEX z+EnBJct7K5{sFy)8;4BkZ^;Voq{lx>%o~K*`Jh_0y=_0zEq20t+Hliagy0|9sR_n5o z<84X)iu7^bv3)6uoCGr`UkVhf4S1G~s_JvPP1(GnM4{Eh=-KyvihcoqH`;#NVV6{o zZ4rd!gy*eT!BX#uPGKQ`vfRRzBIrm>Hdyv#=b)8F;HALu?7*?=3D7f3!5K%{5#m_p z&@?UeVypExKMLmHd!#QJgxHM2_riPyIqexn=UvLT3%2X>OM?1N1@&s5hrPw$&OV)q zxtf9m0zH(!Fg}Z(6jN$Wqx=?AsOmY&iAtty(mOfzCh;_TlQ}L&eK~J8-#MZ^azp#h zluN&)ht?1^8KM;KHD{ggp0)DB3mn|@ICKV8Pl3PTx;@`P(tUrhFg^Q+&x7i>$+y5F z^5oTLHb=Yn(Wzr=@>a+rk&p+*ZOJWVC{zfbG;NOdrN^XDRF0Oq&4bQ8qC@DLQt{l$ zRbGd26i65V%sG81s?ZK)3x^QFN&6qjqla8$H&-16+q)^e49xxP8}xQrp+RjZd>kU8 zln5Fy!oW-t#BUFG=Lb?1ApfIs@eV)i2ra90h8t?G)exZ8aj^9mG!j`XK4_$D#40Ft zomrI;c!C(%`!U?S4sjLFEm3fE`{Tv^BnT;-w0P>>e*1;!40yY>69vu>UBREG zdQtUydx>RaWb7Ot%X)a6vQz()9`TQREk}<3BTpHhjus7f=kgr;A zq$;2R<=0i=RTmw}>Du1*Sugx@Y>TKk1IXbV(lbVzVa6~wd#j#t zl-~Fg^?Zan3zyi>KkygCZJ1CB?yec+%ruXxM1?aVL+~v{k+Kh18#orc>-B0k@81ug4I5Ozi_`n zyhX`Od%4AEQE%dNP~0XXm0+%(AGE=S+;PPjh=pj0%@B`3@i!!2@AkB)greNK6cip$ zMkNFt0nEm{0luO9MnZKg)zt28v}1CPoR`(s7ky*{>7)3#Gv1# za;XB5gED%2Eb)x-42)XXQ(v=3lD*g()!)`refCGMG!@8T-BxhJalvU+3m_A-c~w6f z)$voNxbK=$ySQg;36{qIp*N_J zYBPPfLH81})USUu`MNfRf(Zz?!8uJ^N0Qm*VV*DWKU6p5rIlfyB@O)l4|WM! AH~;_u literal 0 HcmV?d00001 diff --git a/rm-community/documentation/extendedPermissionService.md b/rm-community/documentation/security/extendedPermissionService.md similarity index 100% rename from rm-community/documentation/extendedPermissionService.md rename to rm-community/documentation/security/extendedPermissionService.md diff --git a/rm-community/documentation/security/rolesAndCapabilities.md b/rm-community/documentation/security/rolesAndCapabilities.md new file mode 100644 index 0000000000..c3372d5b1c --- /dev/null +++ b/rm-community/documentation/security/rolesAndCapabilities.md @@ -0,0 +1,41 @@ +## Alfresco Governance Services' Roles and Capabilities + +![Completeness Badge](https://img.shields.io/badge/Document_Level-InProgress-yellow.svg?style=flat-square) + +![Version Badge](https://img.shields.io/badge/Version-Current-blue.svg?style=flat-square) + +### Purpose + +Roles and capabilities allow the GS system to provide a finer grain security evaluation, determining whether an authority has the capability to perform a perticular action on a node. + +### Overview + +Roles are defined as a collection of capabilities. A capability, generally, has a one to one relationship with an action within the system. + +Authorities are assigned roles. If an authority is assigned to a role then it that authority has the capabilities contained within that role, allowing them to perform the related actions. + +An authority can be assigned many roles, with the associated capabilities being additive. + +Capabilties are evaluated in addition to any ACLs attached to a node, but they are mutally exclusive. A authority may have the capability, but not the permissions on a node and vice versa. + +### Design + +Roles are implementented as groups. So for every role that is created, there is a corresponding group within the system. + +Capabilities are implemented as permissions. In order add a new capability to the system, the extended RM permission model needs to be extended. + +When a capability is added to a role, then the capability group is assigned the capability role on the root file plan node. + +In this way the permissions of the systems roles reflect their capabilities on the file plan via the capability permissions assigned. + +When an authority is assigned to a role, that authority is added as a member of the corresponding role group. In this way they inherit the capability permissions on the file plan that relate to that role group. + +If a user attempts to perform an action on a records management artifact which has a related capability. Assuming the user has permission to see the artifact in the first place, then the users capability to perform the action is evaluated. + +This is done by firstly determining whether the capability is relevant for this 'kind' of records management artifact. For example the addHold capability is not relevant for a record category. + +Then the capability permission is evaluated by traversing to the file plan node and checking whether the current user has the capabilty permission byt virtue of it's membership of the right role group. + +Finally any further conditions attached to the capability are evaluated. + +![](../resource/image/CapabilitiesAndRoles.png) \ No newline at end of file