# Fetch ML Permissions Configuration Schema (JSON Schema expressed as YAML) $schema: "http://json-schema.org/draft-07/schema#" title: "Fetch ML Permissions Configuration" type: object additionalProperties: false required: - roles properties: roles: type: object description: Role-based permissions configuration additionalProperties: type: object additionalProperties: false required: - description - permissions properties: description: type: string description: Human-readable role description permissions: type: array description: List of permissions for this role items: type: string pattern: "^[^:]+:[^:]+$" description: Permission in format resource:action groups: type: object description: Permission groups for easier management additionalProperties: type: object additionalProperties: false required: - description properties: description: type: string description: Group description inherits: type: array description: Roles to inherit permissions from items: type: string permissions: type: array description: Additional permissions for this group items: type: string pattern: "^[^:]+:[^:]+$" hierarchy: type: object description: Resource hierarchy for permission inheritance additionalProperties: type: object additionalProperties: false properties: children: type: object description: Child permissions additionalProperties: type: boolean special: type: object description: Special permission rules additionalProperties: type: string defaults: type: object description: Default permission settings additionalProperties: false properties: new_user_role: type: string description: Default role for new users default: "viewer" admin_users: type: array description: Users with admin privileges items: type: string default: ["admin", "root", "system"] # Examples section (not part of schema but for documentation) examples: - | roles: admin: description: "Full system access" permissions: ["*"] data_scientist: description: "ML experiment management" permissions: - "jobs:create" - "jobs:read" - "data:read" - "models:create"