Lines Matching full:privilege

21 The Redfish authorization model consists of the privilege model and the
22 operation-to-privilege mapping.
24 In the privilege model, there are fixed set of standard Redfish roles and each
30 The operation-to-privilege mapping is defined for every resource type and
34 request. The Redfish Forum provides a Privilege Registry definition in its
35 official registry collection as a base operation-to-privilege mapping. It also
42 resource only requires the `Login` privilege. On the other hand, the same peer
44 POST operation on certificates requires `ConfigureManager` privilege that the
53 1. https://redfish.dmtf.org/schemas/DSP0266_1.15.1.html#privilege-model
54 2. https://redfish.dmtf.org/schemas/DSP0266_1.15.1.html#redfish-service-operation-to-privilege-mapp…
137 5. the operation-to-privilege mapping
140 and operation-to-privilege mapping need to change when the system keeps running.
146 Another gap is that current Redfish roles and operation-to-privilege mapping
148 principle of least privilege. Though these configurations are defined by DMTF,
150 own OEM roles and privileges if "the standard privilege is overly broad".
156 has at least ConfigureComponents Redfish privilege, which leads to being able to
166 3. Clients shall be able to modify existing operation-to-privilege mappings
190 10. BMC implements a complete privilege registry; that is
191     - It shall implement all overrides in the Redfish base Privilege registries
197     - Changes to resource entities shall be propagated to the current privilege
239 to Redfish privilege. OEM privileges will have fixed prefix "openbmc-orfp".
240 "orfr" refers to OEM Redfish privilege.
320    - Reject deletion of a privilege that's currently in use (assigned to any
433 ### Operation-to-Privilege Mapping Data Structure in Memory
436 Operation-to-Privilege Mapping. For a given route with known entity name, HTTP
444 ### Generate Operation-to-Privilege Mapping Data Structure at Compile Time
451 a variable that represent the whole Operation-to-Privilege Mapping. The input
463 ### Operation-to-Privilege Mapping Overrides
465 In routing codes, we can parse the Operation-to-Privilege Mapping Data Structure
474 the Operation-to-Privilege Mapping in-memory Data Structure.
490 | Any                   |       |Operation-to-Privilege Mapping in-memory Data Structure       |
496 +-----------------------+       |         "Privilege": ["ConfigureComponents"]                 |
503             v                   |            "Privilege": ["ConfigureManager"]                 |
529 With the proposed Dynamic Operation-to-Privilege Mapping Data Structure, and
537 attributes directly, e.g., patch the POST privilege array of OperationMap of
547                 "Privilege": [
552                 "Privilege": [
622 1. verify base Redfish roles, privileges, and base operation-to-privilege
628 4. verify operation-to-privilege can be modified via PATCH on PrivilegeRegistry;