Include auth domain actions in TDR snapshot roles

Enable users to read and/or update the auth domain of a snapshot depending on their role.
broadinstitute · Oct 16, 2023 · e5ed09b · e5ed09b
1 parent 4b07b8e
commit e5ed09b
Showing 1 changed file with 11 additions and 5 deletions.
diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf
@@ -1263,23 +1263,29 @@ resourceTypes = {
       view_journal = {
         description = "View datasnapshot journal entries"
       }
+      read_auth_domain = {
+        description = "view the auth domain of the snapshot"
+      }
+      update_auth_domain = {
+        description = "update the groups in the auth domain of the snapshot"
+      }
     }
     ownerRoleName = "steward"
     roles = {
       steward = {
-        roleActions = ["delete", "edit_datasnapshot", "update_snapshot", "read_data",  "discover_data",  "share_policy::steward", "share_policy::custodian", "share_policy::reader",  "share_policy::discoverer", "read_policies", "set_public", "update_passport_identifier", "export_snapshot", "view_journal"]
+        roleActions = ["delete", "edit_datasnapshot", "update_snapshot", "read_data",  "discover_data",  "share_policy::steward", "share_policy::custodian", "share_policy::reader",  "share_policy::discoverer", "read_policies", "set_public", "update_passport_identifier", "export_snapshot", "view_journal", "read_auth_domain", "update_auth_domain"]
       }
       custodian = {
-        roleActions = ["delete", "edit_datasnapshot", "update_snapshot", "read_data",  "discover_data",  "share_policy::reader",  "share_policy::discoverer", "read_policies", "set_public", "export_snapshot"]
+        roleActions = ["delete", "edit_datasnapshot", "update_snapshot", "read_data",  "discover_data",  "share_policy::reader",  "share_policy::discoverer", "read_policies", "set_public", "export_snapshot", "read_auth_domain"]
       }
       discoverer = {
-        roleActions = ["discover_data", "read_policy::steward", "read_policy::discoverer"]
+        roleActions = ["discover_data", "read_policy::steward", "read_policy::discoverer", "read_auth_domain"]
       }
       reader = {
-        roleActions = ["read_data", "discover_data", "read_policy::steward", "read_policy::custodian", "read_policy::discoverer", "export_snapshot"]
+        roleActions = ["read_data", "discover_data", "read_policy::steward", "read_policy::custodian", "read_policy::discoverer", "export_snapshot", "read_auth_domain"]
       }
       admin = {
-        roleActions = ["read_policies", "share_policy::steward", "alter_policies"]
+        roleActions = ["read_policies", "share_policy::steward", "alter_policies", "read_auth_domain", "update_auth_domain"]
       }
     }
     reuseIds = false