Add default perm config

pull/252/head
tcdlpds 1 year ago
parent db80546a5a
commit 49747efa18

@ -130,6 +130,10 @@
<groupId>org.json.wso2</groupId> <groupId>org.json.wso2</groupId>
<artifactId>json</artifactId> <artifactId>json</artifactId>
</dependency> </dependency>
<dependency>
<groupId>io.entgra.device.mgt.core</groupId>
<artifactId>io.entgra.device.mgt.core.device.mgt.core</artifactId>
</dependency>
</dependencies> </dependencies>
@ -187,6 +191,8 @@
io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.util, io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.util,
io.entgra.device.mgt.core.device.mgt.common.exceptions, io.entgra.device.mgt.core.device.mgt.common.exceptions,
io.entgra.device.mgt.core.device.mgt.common.metadata.mgt, io.entgra.device.mgt.core.device.mgt.common.metadata.mgt,
io.entgra.device.mgt.core.device.mgt.core.config,
io.entgra.device.mgt.core.device.mgt.core.config.permission,
org.wso2.carbon.base;version="1.0", org.wso2.carbon.base;version="1.0",
org.wso2.carbon.context;version="4.6", org.wso2.carbon.context;version="4.6",
org.wso2.carbon;version="4.6", org.wso2.carbon;version="4.6",

@ -17,7 +17,6 @@
*/ */
package io.entgra.device.mgt.core.apimgt.webapp.publisher; package io.entgra.device.mgt.core.apimgt.webapp.publisher;
import io.entgra.device.mgt.core.apimgt.annotations.Scopes;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices; import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl; import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices; import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
@ -40,6 +39,11 @@ import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiUriTemplate; import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiUriTemplate;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException; import io.entgra.device.mgt.core.apimgt.webapp.publisher.exception.APIManagerPublisherException;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.internal.APIPublisherDataHolder; import io.entgra.device.mgt.core.apimgt.webapp.publisher.internal.APIPublisherDataHolder;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.ScopeMapping;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
@ -437,18 +441,8 @@ public class APIPublisherServiceImpl implements APIPublisherService {
} }
public void addDefaultScopesIfNotExist() { public void addDefaultScopesIfNotExist() {
ArrayList<String> defaultScopes = new ArrayList<>(); DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
defaultScopes.add("dm:devices:any:permitted"); DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
defaultScopes.add("dm:device:api:subscribe");
defaultScopes.add("am:admin:lc:app:approve");
defaultScopes.add("am:admin:lc:app:create");
defaultScopes.add("am:admin:lc:app:reject");
defaultScopes.add("am:admin:lc:app:block");
defaultScopes.add("am:admin:lc:app:review");
defaultScopes.add("am:admin:lc:app:retire");
defaultScopes.add("am:admin:lc:app:deprecate");
defaultScopes.add("am:admin:lc:app:publish");
APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl(); APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl();
try { try {
APIApplicationKey apiApplicationKey = APIApplicationKey apiApplicationKey =
@ -460,12 +454,13 @@ public class APIPublisherServiceImpl implements APIPublisherService {
PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl(); PublisherRESTAPIServices publisherRESTAPIServices = new PublisherRESTAPIServicesImpl();
Scope scope = new Scope(); Scope scope = new Scope();
for (String defaultScope: defaultScopes) { for (DefaultPermission defaultPermission: defaultPermissions.getDefaultPermissions()) {
//todo check whether scope is available or not //todo check whether scope is available or not
scope.setName(defaultScope); ScopeMapping scopeMapping = defaultPermission.getScopeMapping();
scope.setDescription(defaultScope); scope.setName(scopeMapping.getName());
scope.setKey(defaultScope); scope.setDescription(scopeMapping.getName());
scope.setRoles("Internal/devicemgt-user"); scope.setKey(scopeMapping.getKey());
scope.setRoles(scopeMapping.getDefaultRoles());
publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope); publisherRESTAPIServices.addNewSharedScope(apiApplicationKey, accessTokenInfo, scope);
} }
} catch (BadRequestException | UnexpectedResponseException | APIServicesException e) { } catch (BadRequestException | UnexpectedResponseException | APIServicesException e) {

@ -18,17 +18,14 @@
package io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.listener; package io.entgra.device.mgt.core.apimgt.webapp.publisher.lifecycle.listener;
import com.google.gson.Gson; import com.google.gson.Gson;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServices;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.PublisherRESTAPIServicesImpl;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIInfo.Scope;
import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo;
import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope; import io.entgra.device.mgt.core.apimgt.webapp.publisher.dto.ApiScope;
import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException; import io.entgra.device.mgt.core.device.mgt.common.exceptions.MetadataManagementException;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata; import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.Metadata;
import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService; import io.entgra.device.mgt.core.device.mgt.common.metadata.mgt.MetadataManagementService;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceConfigurationManager;
import io.entgra.device.mgt.core.device.mgt.core.config.DeviceManagementConfig;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermission;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import org.apache.catalina.Lifecycle; import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent; import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener; import org.apache.catalina.LifecycleListener;
@ -47,7 +44,10 @@ import org.wso2.carbon.user.api.UserStoreException;
import javax.servlet.ServletContext; import javax.servlet.ServletContext;
import java.io.IOException; import java.io.IOException;
import java.util.*; import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
@SuppressWarnings("unused") @SuppressWarnings("unused")
public class APIPublisherLifecycleListener implements LifecycleListener { public class APIPublisherLifecycleListener implements LifecycleListener {
@ -128,45 +128,26 @@ public class APIPublisherLifecycleListener implements LifecycleListener {
"' and version '" + apiConfig.getVersion() + "'", e); "' and version '" + apiConfig.getVersion() + "'", e);
} }
} }
apiPublisherDataHolder.setPermScopeMapping(permScopeMap);
Map<String, String> permScopeMapping = apiPublisherDataHolder.getPermScopeMapping(); Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" +
if (!permScopeMapping.isEmpty()) { "-mapping");
Metadata existingMetaData = metadataManagementService.retrieveMetadata("perm-scope" + if (existingMetaData != null) {
"-mapping"); existingMetaData.setMetaValue(new Gson().toJson(permScopeMap));
if (existingMetaData != null) { metadataManagementService.updateMetadata(existingMetaData);
existingMetaData.setMetaValue(new Gson().toJson(apiPublisherDataHolder.getPermScopeMapping() } else {
)); Metadata newMetaData = new Metadata();
metadataManagementService.updateMetadata(existingMetaData); newMetaData.setMetaKey("perm-scope-mapping");
} else {
Metadata newMetaData = new Metadata();
newMetaData.setMetaKey("perm-scope-mapping");
permScopeMapping =
apiPublisherDataHolder.getPermScopeMapping();
//Todo fix this properly with a config DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
Map<String, String> defaultScopePermMap = new HashMap<>(); DefaultPermissions defaultPermissions = deviceManagementConfig.getDefaultPermissions();
defaultScopePermMap.put("/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device", "dm:devices:any:permitted");
defaultScopePermMap.put("/permission/admin/device-mgt/device/api/subscribe", "dm:device:api:subscribe");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/approve", "am:admin:lc:app:approve");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/create", "am:admin:lc:app:create");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/reject", "am:admin:lc:app:reject");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/block", "am:admin:lc:app:block");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/review", "am:admin:lc:app:review");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/retire", "am:admin:lc:app:retire");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/deprecate", "am:admin:lc:app:deprecate");
defaultScopePermMap.put("/permission/admin/app-mgt/life-cycle/application/publish", "am:admin:lc:app:publish");
for (Map.Entry<String,String> mapElement : defaultScopePermMap.entrySet()) { for (DefaultPermission defaultPermission : defaultPermissions.getDefaultPermissions()) {
String key = mapElement.getKey(); permScopeMap.put(defaultPermission.getName(), defaultPermission.getScopeMapping().getKey());
String value = mapElement.getValue();
permScopeMapping.put(key,value);
}
apiPublisherDataHolder.setPermScopeMapping(permScopeMapping);
newMetaData.setMetaValue(new Gson().toJson(permScopeMapping));
metadataManagementService.createMetadata(newMetaData);
} }
newMetaData.setMetaValue(new Gson().toJson(permScopeMap));
metadataManagementService.createMetadata(newMetaData);
} }
apiPublisherDataHolder.setPermScopeMapping(permScopeMap);
} catch (IOException e) { } catch (IOException e) {
log.error("Error encountered while discovering annotated classes", e); log.error("Error encountered while discovering annotated classes", e);
} catch (ClassNotFoundException e) { } catch (ClassNotFoundException e) {

@ -39,6 +39,7 @@ import io.entgra.device.mgt.core.device.mgt.core.config.push.notification.PushNo
import io.entgra.device.mgt.core.device.mgt.core.config.remote.session.RemoteSessionConfiguration; import io.entgra.device.mgt.core.device.mgt.core.config.remote.session.RemoteSessionConfiguration;
import io.entgra.device.mgt.core.device.mgt.core.config.status.task.DeviceStatusTaskConfig; import io.entgra.device.mgt.core.device.mgt.core.config.status.task.DeviceStatusTaskConfig;
import io.entgra.device.mgt.core.device.mgt.core.config.task.TaskConfiguration; import io.entgra.device.mgt.core.device.mgt.core.config.task.TaskConfiguration;
import io.entgra.device.mgt.core.device.mgt.core.config.permission.DefaultPermissions;
import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlRootElement;
@ -75,6 +76,8 @@ public final class DeviceManagementConfig {
private MetaDataConfiguration metaDataConfiguration; private MetaDataConfiguration metaDataConfiguration;
private EnrollmentGuideConfiguration enrollmentGuideConfiguration; private EnrollmentGuideConfiguration enrollmentGuideConfiguration;
private DefaultPermissions defaultPermissions;
@XmlElement(name = "ManagementRepository", required = true) @XmlElement(name = "ManagementRepository", required = true)
public DeviceManagementConfigRepository getDeviceManagementConfigRepository() { public DeviceManagementConfigRepository getDeviceManagementConfigRepository() {
return deviceManagementConfigRepository; return deviceManagementConfigRepository;
@ -287,5 +290,14 @@ public final class DeviceManagementConfig {
public void setEnrollmentGuideConfiguration(EnrollmentGuideConfiguration enrollmentGuideConfiguration) { public void setEnrollmentGuideConfiguration(EnrollmentGuideConfiguration enrollmentGuideConfiguration) {
this.enrollmentGuideConfiguration = enrollmentGuideConfiguration; this.enrollmentGuideConfiguration = enrollmentGuideConfiguration;
} }
@XmlElement(name = "DefaultPermissions", required = true)
public DefaultPermissions getDefaultPermissions() {
return defaultPermissions;
}
public void setDefaultPermissions(DefaultPermissions defaultPermissions) {
this.defaultPermissions = defaultPermissions;
}
} }

@ -0,0 +1,47 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.core.config.permission;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name = "DefaultPermission")
public class DefaultPermission {
private String name;
private ScopeMapping scopeMapping;
@XmlElement(name = "Name", required = true)
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@XmlElement(name = "MappedScopeDetails", required = true)
public ScopeMapping getScopeMapping() {
return scopeMapping;
}
public void setScopeMapping(ScopeMapping scopeMapping) {
this.scopeMapping = scopeMapping;
}
}

@ -0,0 +1,38 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.core.config.permission;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
@XmlRootElement(name = "DefaultPermissions")
public class DefaultPermissions {
private List<DefaultPermission> defaultPermissions;
@XmlElement(name = "DefaultPermission", required = true)
public List<DefaultPermission> getDefaultPermissions() {
return defaultPermissions;
}
public void setDefaultPermissions(List<DefaultPermission> defaultPermissions) {
this.defaultPermissions = defaultPermissions;
}
}

@ -0,0 +1,58 @@
/*
* Copyright (c) 2018 - 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
*
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package io.entgra.device.mgt.core.device.mgt.core.config.permission;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name = "MappedScopeDetails")
public class ScopeMapping {
private String name;
private String key;
private String defaultRoles;
@XmlElement(name = "Name", required = true)
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
@XmlElement(name = "Key", required = true)
public String getKey() {
return key;
}
public void setKey(String key) {
this.key = key;
}
@XmlElement(name = "DefaultRoles", required = true)
public String getDefaultRoles() {
return defaultRoles;
}
public void setDefaultRoles(String defaultRoles) {
this.defaultRoles = defaultRoles;
}
}

@ -211,5 +211,87 @@
<Enable>false</Enable> <Enable>false</Enable>
<Mail>Replace with mail</Mail> <Mail>Replace with mail</Mail>
</EnrollmentGuideConfiguration> </EnrollmentGuideConfiguration>
<DefaultPermissions>
<DefaultPermission>
<Name>/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device</Name>
<MappedScopeDetails>
<Name>Apply permitted actions on any device</Name>
<Key>dm:devices:any:permitted</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/device-mgt/device/api/subscribe</Name>
<MappedScopeDetails>
<Name>Subscribe APIs</Name>
<Key>dm:device:api:subscribe</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/approve</Name>
<MappedScopeDetails>
<Name>Approve Applications</Name>
<Key>am:admin:lc:app:approve</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/create</Name>
<MappedScopeDetails>
<Name>Create Applications</Name>
<Key>am:admin:lc:app:create</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/reject</Name>
<MappedScopeDetails>
<Name>Reject Applications</Name>
<Key>am:admin:lc:app:reject</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/block</Name>
<MappedScopeDetails>
<Name>Block Applications</Name>
<Key>am:admin:lc:app:block</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/review</Name>
<MappedScopeDetails>
<Name>Review Applications</Name>
<Key>am:admin:lc:app:review</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/retire</Name>
<MappedScopeDetails>
<Name>Retire Applications</Name>
<Key>am:admin:lc:app:retire</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/deprecate</Name>
<MappedScopeDetails>
<Name>Deprecate Application</Name>
<Key>am:admin:lc:app:deprecate</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/publish</Name>
<MappedScopeDetails>
<Name>Publish Applications</Name>
<Key>am:admin:lc:app:publish</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
</DefaultPermissions>
</DeviceMgtConfiguration> </DeviceMgtConfiguration>

@ -383,5 +383,87 @@
<Mail>Replace with mail</Mail> <Mail>Replace with mail</Mail>
{% endif %} {% endif %}
</EnrollmentGuideConfiguration> </EnrollmentGuideConfiguration>
<DefaultPermissions>
<DefaultPermission>
<Name>/permission/admin/device-mgt/devices/any-device/permitted-actions-under-owning-device</Name>
<MappedScopeDetails>
<Name>Apply permitted actions on any device</Name>
<Key>dm:devices:any:permitted</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/device-mgt/device/api/subscribe</Name>
<MappedScopeDetails>
<Name>Subscribe APIs</Name>
<Key>dm:device:api:subscribe</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/approve</Name>
<MappedScopeDetails>
<Name>Approve Applications</Name>
<Key>am:admin:lc:app:approve</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/create</Name>
<MappedScopeDetails>
<Name>Create Applications</Name>
<Key>am:admin:lc:app:create</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/reject</Name>
<MappedScopeDetails>
<Name>Reject Applications</Name>
<Key>am:admin:lc:app:reject</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/block</Name>
<MappedScopeDetails>
<Name>Block Applications</Name>
<Key>am:admin:lc:app:block</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/review</Name>
<MappedScopeDetails>
<Name>Review Applications</Name>
<Key>am:admin:lc:app:review</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/retire</Name>
<MappedScopeDetails>
<Name>Retire Applications</Name>
<Key>am:admin:lc:app:retire</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/deprecate</Name>
<MappedScopeDetails>
<Name>Deprecate Application</Name>
<Key>am:admin:lc:app:deprecate</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
<DefaultPermission>
<Name>/permission/admin/app-mgt/life-cycle/application/publish</Name>
<MappedScopeDetails>
<Name>Publish Applications</Name>
<Key>am:admin:lc:app:publish</Key>
<DefaultRoles>Internal/devicemgt-user</DefaultRoles>
</MappedScopeDetails>
</DefaultPermission>
</DefaultPermissions>
</DeviceMgtConfiguration> </DeviceMgtConfiguration>

Loading…
Cancel
Save