The authorization XML format is used by the auth XML importer/exporter to manage the set of agents and permissions in the system. Modifications to the existing system should be made by first exporting the current state, making changes in the outputted XML, and re-importing.
The authorization XML format contains two major sections, one describing the permission sets in the system (<permissionSets>) and the other the agents in the system (<agents>).
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorization xmlns="auth.xml.ldr.greenbus.io">
  <permissionSets>
    <permissionSet name="first" id="1">
      <!-- ... -->
    </permissionSet>
    <permissionSet name="second" id="2">
      <!-- ... -->
    </permissionSet>
    <!-- ... -->
  </permissionSets>
  <agents>
    <agent name="agent01" uuid="...">
      <!-- ... -->
    </agent>
    <agent name="agent02" uuid="...">
      <!-- ... -->
    </agent>
  </agents>
</authorization>
The <permissionSet> element defines an instance of a permission set in the authorization system. It contains a set of <allow> and <deny> elements that define the permissions in the set.
Permission set attributes:
name - The name of the permission set.
id - Optional. Identifies the permission set uniquely in the system. Generated by the services and outputted by the XML exporter to correlate renamed objects. Should not be provided or modified by the user.
Example:
<permissionSet name="read_only" id="11">
  <deny>
    <action name="read"/>
    <action name="delete"/>
    <resource name="auth_token"/>
    <selector style="*"/>
  </deny>
  <allow>
    <action name="read"/>
    <action name="delete"/>
    <resource name="auth_token"/>
    <selector style="self"/>
  </allow>
  <allow>
    <action name="read"/>
    <resource name="*"/>
    <selector style="*"/>
  </allow>
</permissionSet>
Permissions are defined by <allow> and <deny> elements that contain actions and resources to be allowed or denied, respectively.
Permission elements can contain <action>, <resource>, and <selector> elements. Multiple actions and resources are valid, but the permission must contain only one selector.
The <action> and <resource> elements contain a single attribute, name, that specifies the action/resource name.
The <selector> element contains a single attribute, style, that specifies the style selector. Additionally, selectors may contain a list of <argument> elements to define selector arguments. The <argument> element contains a single attribute, value, a string that provides the argument value.
Example of selector with arguments:
<selector style="type">
  <argument value="AuthorizedType"/>
  <argument value="SecondType"/>
</selector>
The <agents> element defines the list of agents in the system, specified by a sequence of <agent> elements.
Agent attributes:
name - The name of the agent.
uuid - Optional. Identifies the agent uniquely in the system. Generated by the services and outputted by the XML exporter to correlate renamed objects. Should not be provided or modified by the user.
Additionally, agents may contain a set of <permissionSet> elements that reference, by their name attribute, permission sets to be assigned to the agent.
Example:
<agents>
  <agent name="operator" uuid="...">
    <permissionSet name="command_creator"/>
    <permissionSet name="command_issuer"/>
    <permissionSet name="user_role"/>
    <permissionSet name="system_viewer"/>
  </agent>
  <agent name="fep_application" uuid="...">
    <permissionSet name="application"/>
    <permissionSet name="protocol_adapter"/>
  </agent>
</agents>
Note that agent passwords are not a part of the XML format. The importer will prompt for initial passwords for agents created through the XML format.
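Two of the rules stated above are easy to get wrong when a document is edited by hand: each <allow> or <deny> must carry exactly one <selector>, and every <permissionSet> listed under an <agent> must name a set that is actually defined under <permissionSets>. A pre-import check catches both before the importer is run. The script below is an added example, not code from this page or from the GreenBus importer; it uses only Python's standard xml.etree, assumes the namespace and element names shown above, and parses a constructed sample document that deliberately contains one permission with two selectors and one agent referencing an undefined set.

```python
"""Structural checks for an authorization XML document (added example).

Assumes only the format described on this page: <permissionSets> and
<agents> sections in the "auth.xml.ldr.greenbus.io" namespace, one
<selector> per <allow>/<deny>, and agent <permissionSet> references by name.
"""
import xml.etree.ElementTree as ET

NS = "auth.xml.ldr.greenbus.io"


def tag(local):
    """Qualify a local element name with the document namespace."""
    return "{%s}%s" % (NS, local)


# Constructed sample document: the "broken" set has a permission with two
# selectors, and "operator" references "system_viewer", which is not defined.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorization xmlns="auth.xml.ldr.greenbus.io">
  <permissionSets>
    <permissionSet name="read_only">
      <deny>
        <action name="read"/>
        <action name="delete"/>
        <resource name="auth_token"/>
        <selector style="*"/>
      </deny>
      <allow>
        <action name="read"/>
        <resource name="*"/>
        <selector style="*"/>
      </allow>
    </permissionSet>
    <permissionSet name="broken">
      <allow>
        <action name="read"/>
        <resource name="point"/>
        <selector style="type">
          <argument value="AuthorizedType"/>
        </selector>
        <selector style="*"/>
      </allow>
    </permissionSet>
  </permissionSets>
  <agents>
    <agent name="operator">
      <permissionSet name="read_only"/>
      <permissionSet name="system_viewer"/>
    </agent>
  </agents>
</authorization>
"""


def load(xml_text):
    """Parse the document and confirm the expected root element."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    if root.tag != tag("authorization"):
        raise ValueError("root element is not <authorization> in namespace %s" % NS)
    return root


def permission_sets(root):
    """Return {set name: [(kind, actions, resources, selectors)]} for defined sets.

    Each selector is a (style, [argument values]) pair. Only definitions under
    <permissionSets> are read; the <permissionSet> references inside <agent>
    elements are handled by agent_assignments().
    """
    result = {}
    container = root.find(tag("permissionSets"))
    for ps in (container.findall(tag("permissionSet")) if container is not None else []):
        rules = []
        for rule in ps:
            kind = rule.tag.replace("{%s}" % NS, "")
            if kind not in ("allow", "deny"):
                continue
            actions = [a.get("name") for a in rule.findall(tag("action"))]
            resources = [r.get("name") for r in rule.findall(tag("resource"))]
            selectors = [(s.get("style"), [arg.get("value") for arg in s.findall(tag("argument"))])
                         for s in rule.findall(tag("selector"))]
            rules.append((kind, actions, resources, selectors))
        result[ps.get("name")] = rules
    return result


def agent_assignments(root):
    """Return {agent name: [referenced permission set names]}."""
    result = {}
    container = root.find(tag("agents"))
    for agent in (container.findall(tag("agent")) if container is not None else []):
        result[agent.get("name")] = [ps.get("name") for ps in agent.findall(tag("permissionSet"))]
    return result


def check(xml_text):
    """Return a list of problem descriptions; an empty list means the document passes."""
    root = load(xml_text)
    problems = []
    sets = permission_sets(root)
    for name, rules in sets.items():
        for kind, _actions, _resources, selectors in rules:
            if len(selectors) != 1:
                problems.append("permissionSet %r: <%s> has %d selectors, expected exactly one"
                                % (name, kind, len(selectors)))
    for agent, refs in agent_assignments(root).items():
        for ref in refs:
            if ref not in sets:
                problems.append("agent %r references undefined permissionSet %r" % (agent, ref))
    return problems


if __name__ == "__main__":
    for line in check(SAMPLE) or ["no problems found"]:
        print(line)
```

Run against an exported document instead of SAMPLE by passing the file contents to check(); the id and uuid attributes the exporter writes are ignored by these checks, so an exported file passes unchanged as long as its structure does.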