fetch_ml/configs/schema/permissions.yaml
Jeremie Fraeys 3de1e6e9ab feat: add comprehensive configuration and deployment infrastructure
- Add development and production configuration templates
- Include Docker build files for containerized deployment
- Add Nginx configuration with SSL/TLS setup
- Include environment configuration examples
- Add SSL certificate setup and management
- Configure application schemas and validation
- Support for both local and production deployment scenarios

Provides flexible deployment options from development to production
with proper security, monitoring, and configuration management.
2025-12-04 16:54:02 -05:00


# Role-based permissions configuration
# Defines what each role can do in the system
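# Permission format: resource:action, optionally followed by a scope
# qualifier (resource:action:own) that limits the action to the caller's own
# resources
# Examples: jobs:create, data:read, users:manage, jobs:delete:own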
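roles:
  # Maps each role name to a description and a list of permission strings.
  # A string is "resource:action", optionally followed by ":own".
  # Nesting is required: with every key at column 0 the per-role
  # "description" and "permissions" keys collide as top-level duplicates.
  admin:
    description: "Full system access"
    permissions:
      # Single wildcard entry covering everything.
      # NOTE(review): how "*" is matched is decided by the loader, which is
      # not part of this file - confirm it is treated as a whole-string
      # wildcard and that assignments of this role are logged and reviewed.
      - "*"

  data_scientist:
    description: "ML experiment management"
    permissions:
      - "jobs:create"
      - "jobs:read"
      # NOTE(review): update is not ":own"-scoped although delete is, so
      # presumably this role can modify jobs owned by other users - confirm
      # that is intended.
      - "jobs:update"
      - "jobs:delete:own"
      - "data:read"
      - "data:create"
      - "models:read"
      - "models:create"
      - "models:update:own"
      - "metrics:read"

  data_engineer:
    description: "Data pipeline and infrastructure"
    permissions:
      - "data:create"
      - "data:read"
      - "data:update"
      # Unscoped delete: the "data" resource has no "own" qualifier in the
      # hierarchy section, so this applies to all data.
      - "data:delete"
      - "jobs:read"
      - "jobs:update"
      - "pipelines:create"
      - "pipelines:read"
      - "pipelines:update"
      # NOTE(review): "storage" (and the action "write") is not declared in
      # the hierarchy section of this file - confirm the loader accepts
      # permissions for undeclared resources rather than dropping them.
      - "storage:read"
      - "storage:write"

  viewer:
    description: "Read-only access"
    permissions:
      - "jobs:read"
      - "data:read"
      - "models:read"
      - "metrics:read"
      - "pipelines:read"

  operator:
    description: "System operations and monitoring"
    permissions:
      - "jobs:read"
      - "jobs:update"
      - "jobs:restart"
      - "metrics:read"
      - "system:read"
      - "system:status"
      # NOTE(review): "logs" is not declared in the hierarchy section of
      # this file - same question as for "storage" above.
      - "logs:read"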
# Permission groups for easier management
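groups:
  # Named bundles that either inherit from roles or list permissions
  # directly. Nesting is required so each group keeps its own keys.
  ml_developer:
    description: "Combined data scientist and data engineer"
    # NOTE(review): presumably the effective set is the union of both roles.
    # That union contains the unscoped "data:delete" and "jobs:update" next
    # to the ":own"-scoped "jobs:delete:own" and "models:update:own" -
    # confirm how the loader resolves "inherits" and that a scoped entry is
    # never widened by an unscoped one from the other role.
    inherits:
      - data_scientist
      - data_engineer

  read_only:
    description: "Read access to all resources"
    # Same list as the viewer role plus "system:read". It does not include
    # "logs:read" or "storage:read", which other roles in this file use, so
    # "all resources" in the description is broader than the list.
    permissions:
      - "jobs:read"
      - "data:read"
      - "models:read"
      - "pipelines:read"
      - "metrics:read"
      - "system:read"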
# Resource hierarchy for permission inheritance
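hierarchy:
  # Per resource: "children" lists the known actions, "special" documents
  # scope qualifiers. Only jobs and models declare the "own" qualifier.
  # NOTE(review): roles in this file also use "storage:*" and "logs:read",
  # and the header example mentions "users:manage"; none of those resources
  # is declared here. If the loader validates permissions against this
  # section, confirm whether undeclared entries are rejected or ignored.
  jobs:
    children:
      create: true
      read: true
      update: true
      delete: true
      restart: true
    special:
      own: "User can only access their own resources"

  data:
    children:
      create: true
      read: true
      update: true
      delete: true
      upload: true
      download: true

  models:
    children:
      create: true
      read: true
      update: true
      delete: true
      deploy: true
    special:
      own: "User can only access their own models"

  system:
    # "manage" and "config" are not granted to any role by name in this
    # file; only the admin wildcard would cover them.
    children:
      read: true
      status: true
      manage: true
      config: true

  metrics:
    children:
      read: true
      export: true
      delete: true

  pipelines:
    children:
      create: true
      read: true
      update: true
      delete: true
      run: true
      stop: true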
# Default permissions for new users
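defaults:
  # New accounts start with the read-only "viewer" role.
  new_user_role: "viewer"
  # NOTE(review): these entries look like account names rather than stable
  # user IDs. If the loader grants the admin role by name match, make sure
  # each name is reserved so it cannot be picked at account creation, and
  # remove any entry that has no real, owned account behind it.
  admin_users:
    - "admin"
    - "root"
    - "system"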