Roles

[fiona-june-leathers]

A role defines the commands which commands Harvest allows a user to run.

Every command (and subcommand) should include a list of acceptable role names.

Unauthorized errors should be specific that the command cannot be executed because it is not in the role, optionally providing a list of expected roles.

Examples

{
    "role": "HarvestAdmin"
    "commands": [
    ]
    "inherits": [
        "HarvestUserAdmin",
        "HarvestRoleAdmin"
    ]
}

{
    "role": "HarvestUserAdmin"
    "commands": [
         "users.*"
    ]
}

• [ ] Any - this command can be executed by anyone (default)
• [ ] HarvestAdmin - inherits all roles
• [ ] HarvestUserAdmin - can modify users and run harvest.user reports
• [ ] HarvestRoleAdmin - can modify role assignments and inheritance and run harvest.role reports