Правила ACL для ресурсов

Инструмент командной строки onevm

Команда	Запрос XML-RPC	Правило ACL
`deploy`	one.vm.deploy	VM:ADMIN
`deploy`	one.vm.deploy	HOST:MANAGE
`boot`	one.vm.action	VM:MANAGE
`terminate`
`suspend`
`hold`
`stop`
`resume`
`release`
`poweroff`
`reboot`
`resched`	one.vm.action	VM:ADMIN
`unresched`	one.vm.action	VM:ADMIN
`migrate`	one.vm.migrate	VM:ADMIN
`migrate`	one.vm.migrate	HOST:MANAGE
`disk-saveas`	one.vm.disksaveas	VM:MANAGE
`disk-saveas`	one.vm.disksaveas	IMAGE:CREATE
`disk-snapshot-create`	one.vm.disksnapshotcreate	VM:MANAGE
`disk-snapshot-create`	one.vm.disksnapshotcreate	IMAGE:MANAGE
`disk-snapshot-delete`	one.vm.disksnapshotdelete	VM:MANAGE
`disk-snapshot-delete`	one.vm.disksnapshotdelete	IMAGE:MANAGE
`disk-snapshot-revert`	one.vm.disksnapshotrevert	VM:MANAGE
`disk-snapshot-rename`	one.vm.disksnapshotrename	VM:MANAGE
`disk-attach`	one.vm.attach	VM:MANAGE
`disk-attach`	one.vm.attach	IMAGE:USE
`disk-detach`	one.vm.detach	VM:MANAGE
`disk-resize`	one.vm.diskresize	VM:MANAGE
`nic-attach`	one.vm.attachnic	VM:MANAGE
`nic-attach`	one.vm.attachnic	NET:USE
`nic-detach`	one.vm.detachnic	VM:MANAGE
`create`	one.vm.allocate	VM:CREATE
		IMAGE:USE
		NET:USE
`show`	one.vm.info	VM:USE
`chown`	one.vm.chown	VM:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.vm.chmod	VM:<MANAGE/ADMIN>
`rename`	one.vm.rename	VM:MANAGE
`snapshot-create`	one.vm.snapshotcreate	VM:MANAGE
`snapshot-delete`	one.vm.snapshotdelete	VM:MANAGE
`snapshot-revert`	one.vm.snapshotrevert	VM:MANAGE
`resize`	one.vm.resize	VM:MANAGE
`update`	one.vm.update	VM:MANAGE
`recover`	one.vm.recover	VM:ADMIN
`save`	– (ruby method)	VM:MANAGE
		IMAGE:CREATE
		TEMPLATE:CREATE
`updateconf`	one.vm.updateconf	VM:MANAGE
`list top`	one.vmpool.info	VM:USE
`list`	one.vmpool.infoextended	VM:USE
`–`	one.vm.monitoring	VM:USE
`lock`	one.vm.lock	VM:MANAGE
`unlock`	one.vm.unlock	VM:MANAGE

Инструмент командной строки onetemplate

Команда	Запрос XML-RPC	Правило ACL
`update`	one.template.update	TEMPLATE:MANAGE
`instantiate`	one.template.instantiate	TEMPLATE:USE
		[IMAGE:USE]
		[NET:USE]
`create`	one.template.allocate	TEMPLATE:CREATE
`clone`	one.template.clone	TEMPLATE:CREATE
`clone`	one.template.clone	TEMPLATE:USE
`delete`	one.template.delete	TEMPLATE:MANAGE
`chown`	one.template.chown	TEMPLATE:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.template.chmod	TEMPLATE:<MANAGE/ADMIN>
`rename`	one.template.rename	TEMPLATE:MANAGE
`list`	one.templatepool.info	TEMPLATE:USE
`top`	one.templatepool.info	TEMPLATE:USE
`lock`	one.template.lock	TEMPLATE:MANAGE
`unlock`	one.template.unlock	TEMPLATE:MANAGE

Инструмент командной строки onehost

Команда	Запрос XML-RPC	Правило ACL
`enable`	one.host.status	HOST:ADMIN
`disable`
`offline`
`update`	one.host.update	HOST:ADMIN
`create`	one.host.allocate	HOST:CREATE
`create`	one.host.allocate	[CLUSTER:ADMIN]
`delete`	one.host.delete	HOST:ADMIN
`rename`	one.host.rename	HOST:ADMIN
`show`	one.host.info	HOST:USE
`list top`	one.hostpool.info	HOST:USE

Инструмент командной строки onecluster

Команда	Запрос XML-RPC	Правило ACL
`create`	one.cluster.allocate	CLUSTER:CREATE
`delete`	one.cluster.delete	CLUSTER:ADMIN
`update`	one.cluster.update	CLUSTER:MANAGE
`addhost`	one.cluster.addhost	CLUSTER:ADMIN
`addhost`	one.cluster.addhost	HOST:ADMIN
`delhost`	one.cluster.delhost	CLUSTER:ADMIN
`delhost`	one.cluster.delhost	HOST:ADMIN
`adddatastore`	one.cluster.adddatastore	CLUSTER:ADMIN
`adddatastore`	one.cluster.adddatastore	DATASTORE:ADMIN
`deldatastore`	one.cluster.deldatastore	CLUSTER:ADMIN
`deldatastore`	one.cluster.deldatastore	DATASTORE:ADMIN
`addvnet`	one.cluster.addvnet	CLUSTER:ADMIN
`addvnet`	one.cluster.addvnet	NET:ADMIN
`delvnet`	one.cluster.delvnet	CLUSTER:ADMIN
`delvnet`	one.cluster.delvnet	NET:ADMIN
`rename`	one.cluster.rename	CLUSTER:MANAGE
`show`	one.cluster.info	CLUSTER:USE
`list`	one.clusterpool.info	CLUSTER:USE

Инструмент командной строки onegroup

Команда	Запрос XML-RPC	Правило ACL
`create`	one.group.allocate	GROUP:CREATE
`delete`	one.group.delete	GROUP:ADMIN
`show`	one.group.info	GROUP:USE
`update`	one.group.update	GROUP:MANAGE
`addadmin`	one.group.addadmin	GROUP:MANAGE
`addadmin`	one.group.addadmin	USER:MANAGE
`deladmin`	one.group.deladmin	GROUP:MANAGE
`deladmin`	one.group.deladmin	USER:MANAGE
`quota`	one.group.quota	GROUP:ADMIN
`list`	one.grouppool.info	GROUP:USE
`–`	one.groupquota.info	–
`defaultquota`	one.groupquota.update	Для пользователей входящих в группу oneadmin

Инструмент командной строки onevdc

Команда	Запрос XML-RPC	Правило ACL
`create`	one.vdc.allocate	VDC:CREATE
`rename`	one.vdc.rename	VDC:MANAGE
`delete`	one.vdc.delete	VDC:ADMIN
`update`	one.vdc.update	VDC:MANAGE
`show`	one.vdc.info	VDC:USE
`list`	one.vdcpool.info	VDC:USE
`addgroup`	one.vdc.addgroup	VDC:ADMIN
`addgroup`	one.vdc.addgroup	GROUP:ADMIN
`delgroup`	one.vdc.delgroup	VDC:ADMIN
`delgroup`	one.vdc.delgroup	GROUP:ADMIN
`addcluster`	one.vdc.addcluster	VDC:ADMIN
		CLUSTER:ADMIN
		ZONE:ADMIN
`delcluster`	one.vdc.delcluster	VDC:ADMIN
		CLUSTER:ADMIN
		ZONE:ADMIN
`addhost`	one.vdc.addhost	VDC:ADMIN
		HOST:ADMIN
		ZONE:ADMIN
`delhost`	one.vdc.delhost	VDC:ADMIN
		HOST:ADMIN
		ZONE:ADMIN
`adddatastore`	one.vdc.adddatastore	VDC:ADMIN
		DATASTORE:ADMIN
		ZONE:ADMIN
`deldatastore`	one.vdc.deldatastore	VDC:ADMIN
		DATASTORE:ADMIN
		ZONE:ADMIN
`addvnet`	one.vdc.addvnet	VDC:ADMIN
		NET:ADMIN
		ZONE:ADMIN
`delvnet`	one.vdc.delvnet	VDC:ADMIN
		NET:ADMIN
		ZONE:ADMIN

Инструмент командной строки onevnet

Команда	Запрос XML-RPC	Правило ACL
`addar`	one.vn.add_ar	NET:ADMIN
`rmar`	one.vn.rm_ar	NET:ADMIN
`free`	one.vn.free_ar	NET:MANAGE
`reserve`	one.vn.reserve	NET:USE
`updatear`	one.vn.update_ar	NET:MANAGE
`hold`	one.vn.hold	NET:MANAGE
`release`	one.vn.release	NET:MANAGE
`update`	one.vn.update	NET:MANAGE
`create`	one.vn.allocate	NET:CREATE
`create`	one.vn.allocate	[CLUSTER:ADMIN]
`delete`	one.vn.delete	NET:MANAGE
`show`	one.vn.info	NET:USE
`chown`	one.vn.chown	NET:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.vn.chmod	NET:<MANAGE/ADMIN>
`rename`	one.vn.rename	NET:MANAGE
`list`	one.vnpool.info	NET:USE
`lock`	one.vn.lock	NET:MANAGE
`unlock`	one.vn.unlock	NET:MANAGE

Инструмент командной строки oneuser

Команда	Запрос XML-RPC	Правило ACL
`create`	one.user.allocate	USER:CREATE
`delete`	one.user.delete	USER:ADMIN
`show`	one.user.info	USER:USE
`passwd`	one.user.passwd	USER:MANAGE
`login`	one.user.login	USER:MANAGE
`update`	one.user.update	USER:MANAGE
`chauth`	one.user.chauth	USER:ADMIN
`quota`	one.user.quota	USER:ADMIN
`chgrp`	one.user.chgrp	USER:MANAGE
`chgrp`	one.user.chgrp	GROUP:MANAGE
`addgroup`	one.user.addgroup	USER:MANAGE
`addgroup`	one.user.addgroup	GROUP:MANAGE
`delgroup`	one.user.delgroup	USER:MANAGE
`delgroup`	one.user.delgroup	GROUP:MANAGE
`enable`	one.user.enable	USER:ADMIN
`disable`	one.user.enable	USER:ADMIN
`encode`	–	–
`list`	one.userpool.info	USER:USE
`–`	one.userquota.info	–
`defaultquota`	one.userquota.update	Для пользователей входящих в группу oneadmin

Инструмент командной строки onedatastore

Команда	Запрос XML-RPC	Правило ACL
`create`	one.datastore.allocate	DATASTORE:CREATE
`create`	one.datastore.allocate	[CLUSTER:ADMIN]
`delete`	one.datastore.delete	DATASTORE:ADMIN
`show`	one.datastore.info	DATASTORE:USE
`update`	one.datastore.update	DATASTORE:MANAGE
`rename`	one.datastore.rename	DATASTORE:MANAGE
`chown`	one.datastore.chown	DATASTORE:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.datastore.chmod	DATASTORE:<MANAGE / ADMIN>
`enable`	one.datastore.enable	DATASTORE:MANAGE
`disable`	one.datastore.enable	DATASTORE:MANAGE
`list`	one.datastorepool.info	DATASTORE:USE

Инструмент командной строки oneimage

Команда	Запрос XML-RPC	Правило ACL
`persistent`	one.image.persistent	IMAGE:MANAGE
`nonpersistent`	one.image.persistent	IMAGE:MANAGE
`enable`	one.image.enable	IMAGE:MANAGE
`disable`	one.image.enable	IMAGE:MANAGE
`chtype`	one.image.chtype	IMAGE:MANAGE
`snapshot-delete`	one.image.snapshotdelete	IMAGE:MANAGE
`snapshot-revert`	one.image.snapshotrevert	IMAGE:MANAGE
`snapshot-flatten`	one.image.snapshotflatten	IMAGE:MANAGE
`update`	one.image.update	IMAGE:MANAGE
`create`	one.image.allocate	IMAGE:CREATE
`create`	one.image.allocate	DATASTORE:USE
`clone`	one.image.clone	IMAGE:CREATE
		IMAGE:USE
		DATASTORE:USE
`delete`	one.image.delete	IMAGE:MANAGE
`show`	one.image.info	IMAGE:USE
`chown`	one.image.chown	IMAGE:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.image.chmod	IMAGE:<MANAGE / ADMIN>
`rename`	one.image.rename	IMAGE:MANAGE
`list`	one.imagepool.info	IMAGE:USE
`top`	one.imagepool.info	IMAGE:USE
`lock`	one.image.lock	IMAGE:MANAGE
`unlock`	one.image.unlock	IMAGE:MANAGE

Инструмент командной строки onemarket

Команда	Запрос XML-RPC	Правило ACL
`update`	one.market.update	MARKETPLACE:MANAGE
`create`	one.market.allocate	MARKETPLACE:CREATE
`delete`	one.market.delete	MARKETPLACE:MANAGE
`show`	one.market.info	MARKETPLACE:USE
`chown`	one.market.chown	MARKETPLACE:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.market.chmod	MARKETPLACE:<MANAGE / ADMIN>
`rename`	one.market.rename	MARKETPLACE:MANAGE
`enable`	one.market.enable	MARKETPLACE:MANAGE
`disable`	one.market.enable	MARKETPLACE:MANAGE
`list`	one.marketpool.info	MARKETPLACE:USE

Инструмент командной строки onemarketapp

Команда	Запрос XML-RPC	Правило ACL
`create`	one.marketapp.allocate	MARKETPLACEAPP:CREATE
`create`	one.marketapp.allocate	MARKETPLACE:USE
`export`	– (ruby method)	MARKETPLACEAPP:USE
		IMAGE:CREATE
		DATASTORE:USE
		[TEMPLATE:CREATE]
`download`	– (ruby method)	MARKETPLACEAPP:USE
`enable`	one.marketapp.enable	MARKETPLACEAPP:MANAGE
`disable`	one.marketapp.enable	MARKETPLACEAPP:MANAGE
`update`	one.marketapp.update	MARKETPLACEAPP:MANAGE
`delete`	one.marketapp.delete	MARKETPLACEAPP:MANAGE
`show`	one.marketapp.info	MARKETPLACEAPP:USE
`chown`	one.marketapp.chown	MARKETPLACEAPP:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.marketapp.chmod	MARKETPLACEAPP:<MANAGE / ADMIN>
`rename`	one.marketapp.rename	MARKETPLACEAPP:MANAGE
`list`	one.marketapppool.info	MARKETPLACEAPP:USE
`lock`	one.marketapp.lock	MARKETPLACEAPP:MANAGE
`unlock`	one.marketapp.unlock	MARKETPLACEAPP:MANAGE

Инструмент командной строки onevrouter

Команда	Запрос XML-RPC	Правило ACL
`create`	one.vrouter.allocate	VROUTER:CREATE
`update`	one.vrouter.update	VROUTER:MANAGE
`instantiate`	one.vrouter.instantiate	TEMPLATE:USE
		[IMAGE:USE]
		[NET:USE]
`nic-attach`	one.vrouter.attachnic	VROUTER:MANAGE
`nic-attach`	one.vrouter.attachnic	NET:USE
`nic-detach`	one.vrouter.detachnic	VROUTER:MANAGE
`delete`	one.vrouter.delete	VROUTER:MANAGE
`show`	one.vrouter.info	VROUTER:USE
`chown`	one.vrouter.chown	VROUTER:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.vrouter.chmod	VROUTER:<MANAGE/ADMIN>
`rename`	one.vrouter.rename	VROUTER:MANAGE
`list`	one.vrouterpool.info	VROUTER:USE
`top`	one.vrouterpool.info	VROUTER:USE
`lock`	one.vrouter.lock	VROUTER:MANAGE
`unlock`	one.vrouter.unlock	VROUTER:MANAGE

Инструмент командной строки onezone

Команда	Запрос XML-RPC	Правило ACL
`create`	one.zone.allocate	ZONE:CREATE
`rename`	one.zone.rename	ZONE:MANAGE
`update`	one.zone.update	ZONE:MANAGE
`delete`	one.zone.delete	ZONE:ADMIN
`show`	one.zone.info	ZONE:USE
`list`	one.zonepool.info	ZONE:USE
`set`	–	ZONE:USE

Инструмент командной строки onesecgroup

Команда	Запрос XML-RPC	Правило ACL
`create`	one.secgroup.allocate	SECGROUP:CREATE
`clone`	one.secgroup.clone	SECGROUP:CREATE
`clone`	one.secgroup.clone	SECGROUP:USE
`delete`	one.secgroup.delete	SECGROUP:MANAGE
`chown`	one.secgroup.chown	SECGROUP:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.secgroup.chmod	SECGROUP:<MANAGE / ADMIN>
`update`	one.secgroup.update	SECGROUP:MANAGE
`commit`	one.secgroup.commit	SECGROUP:MANAGE
`rename`	one.secgroup.rename	SECGROUP:MANAGE
`show`	one.secgroup.info	SECGROUP:USE
`list`	one.secgrouppool.info	SECGROUP:USE

Инструмент командной строки onevmgroup

Команда	Запрос XML-RPC	Правило ACL
`create`	one.vmgroup.allocate	VMGROUP:CREATE
`delete`	one.vmgroup.delete	VMGROUP:MANAGE
`chown`	one.vmgroup.chown	VMGROUP:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.vmgroup.chmod	VMGROUP:<MANAGE / ADMIN>
`update`	one.vmgroup.update	VMGROUP:MANAGE
`rename`	one.vmgroup.rename	VMGROUP:MANAGE
`show`	one.vmgroup.info	VMGROUP:USE
`list`	one.vmgrouppool.info	VMGROUP:USE
`lock`	one.vmgroup.lock	VMGROUP:MANAGE
`unlock`	one.vmgroup.unlock	VMGROUP:MANAGE

Работа с документами

Запрос XML-RPC	Правило ACL
one.document.update	DOCUMENT:MANAGE
one.document.allocate	DOCUMENT:CREATE
one.document.clone	DOCUMENT:CREATE
one.document.clone	DOCUMENT:USE
one.document.delete	DOCUMENT:MANAGE
one.document.info	DOCUMENT:USE
one.document.chown	DOCUMENT:MANAGE
	[USER:MANAGE]
	[GROUP:USE]
one.document.chmod	DOCUMENT:<MANAGE / ADMIN>
one.document.rename	DOCUMENT:MANAGE
one.document.lock	DOCUMENT:MANAGE
one.document.unlock	DOCUMENT:MANAGE
one.documentpool.info	DOCUMENT:USE
one.document.lock	DOCUMENT:MANAGE
one.document.unlock	DOCUMENT:MANAGE

Инструмент командной строки oneacl

Команда	Запрос XML-RPC	Правило ACL
`create`	one.acl.addrule	ACL:MANAGE
`delete`	one.acl.delrule	ACL:MANAGE
`list`	one.acl.info	ACL:MANAGE

Инструмент командной строки onevntemplate

Команда	Запрос XML-RPC	Правило ACL
`update`	one.vntemplate.update	VNTEMPLATE:MANAGE
`instantiate`	one.vntemplate.instantiate	VNTEMPLATE:USE
`create`	one.vntemplate.allocate	VNTEMPLATE:CREATE
`clone`	one.vntemplate.clone	VNTEMPLATE:CREATE
`clone`	one.vntemplate.clone	VNTEMPLATE:USE
`delete`	one.vntemplate.delete	VNTEMPLATE:MANAGE
`show`	one.vntemplate.info	VNTEMPLATE:USE
`chown`	one.vntemplate.chown	VNTEMPLATE:MANAGE
`chgrp`		[USER:MANAGE]
`chgrp`		[GROUP:USE]
`chmod`	one.vntemplate.chmod	VNTEMPLATE:<MANAGE/ADMIN>
`rename`	one.vntemplate.rename	VNTEMPLATE:MANAGE
`list`	one.vntemplatepool.info	VNTEMPLATE:USE
`top`	one.vntemplatepool.info	VNTEMPLATE:USE
`lock`	one.vntemplate.lock	VNTEMPLATE:MANAGE
`unlock`	one.vntemplate.unlock	VNTEMPLATE:MANAGE

Инструмент командной строки onehook

Команда	Запрос XML-RPC	Правило ACL
`update`	one.hook.update	HOOK:MANAGE
`create`	one.hook.allocate	HOOK:CREATE
`delete`	one.hook.delete	HOOK:MANAGE
`show`	one.hook.info	HOOK:USE
`rename`	one.hook.rename	HOOK:MANAGE
`list`	one.hook.info	HOOK:USE
`top`	one.hook.info	HOOK:USE
`lock`	one.hook.lock	HOOK:MANAGE
`unlock`	one.hook.unlock	HOOK:MANAGE
`retry`	one.hook.unlock	HOOK:MANAGE
`log`	one.hooklog.info	HOOK:-