mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
Thomas Kosiewski
d0db9ec88f
# Canonicalize API Key Scopes This PR introduces canonical API key scopes with a `coder:` namespace prefix to avoid collisions with low-level resource:action names. It: 1. Renames special API key scopes in the database: - `all` → `coder:all` - `application_connect` → `coder:application_connect` 2. Adds support for a new `scopes` field in the API key creation request, allowing multiple scopes to be specified while maintaining backward compatibility with the singular `scope` field. 3. Updates the API documentation to reflect these changes, including the new endpoint for listing public API key scopes. 4. Ensures backward compatibility by mapping between legacy and canonical scope names in relevant code paths.
449 lines
19 KiB
Go
449 lines
19 KiB
Go
// Code generated by: go run ./scripts/typegen rbac scopenames; DO NOT EDIT.
|
|
package rbac
|
|
|
|
// ScopeName constants generated from policy.RBACPermissions.
|
|
// These represent low-level "<resource>:<action>" scope names.
|
|
// Built-in non-low-level scopes like "all" and "application_connect" remain
|
|
// declared in code, not here, to avoid duplication.
|
|
|
|
const (
|
|
ScopeAibridgeInterceptionCreate ScopeName = "aibridge_interception:create"
|
|
ScopeAibridgeInterceptionRead ScopeName = "aibridge_interception:read"
|
|
ScopeAibridgeInterceptionUpdate ScopeName = "aibridge_interception:update"
|
|
ScopeApiKeyCreate ScopeName = "api_key:create"
|
|
ScopeApiKeyDelete ScopeName = "api_key:delete"
|
|
ScopeApiKeyRead ScopeName = "api_key:read"
|
|
ScopeApiKeyUpdate ScopeName = "api_key:update"
|
|
ScopeAssignOrgRoleAssign ScopeName = "assign_org_role:assign"
|
|
ScopeAssignOrgRoleCreate ScopeName = "assign_org_role:create"
|
|
ScopeAssignOrgRoleDelete ScopeName = "assign_org_role:delete"
|
|
ScopeAssignOrgRoleRead ScopeName = "assign_org_role:read"
|
|
ScopeAssignOrgRoleUnassign ScopeName = "assign_org_role:unassign"
|
|
ScopeAssignOrgRoleUpdate ScopeName = "assign_org_role:update"
|
|
ScopeAssignRoleAssign ScopeName = "assign_role:assign"
|
|
ScopeAssignRoleRead ScopeName = "assign_role:read"
|
|
ScopeAssignRoleUnassign ScopeName = "assign_role:unassign"
|
|
ScopeAuditLogCreate ScopeName = "audit_log:create"
|
|
ScopeAuditLogRead ScopeName = "audit_log:read"
|
|
ScopeConnectionLogRead ScopeName = "connection_log:read"
|
|
ScopeConnectionLogUpdate ScopeName = "connection_log:update"
|
|
ScopeCryptoKeyCreate ScopeName = "crypto_key:create"
|
|
ScopeCryptoKeyDelete ScopeName = "crypto_key:delete"
|
|
ScopeCryptoKeyRead ScopeName = "crypto_key:read"
|
|
ScopeCryptoKeyUpdate ScopeName = "crypto_key:update"
|
|
ScopeDebugInfoRead ScopeName = "debug_info:read"
|
|
ScopeDeploymentConfigRead ScopeName = "deployment_config:read"
|
|
ScopeDeploymentConfigUpdate ScopeName = "deployment_config:update"
|
|
ScopeDeploymentStatsRead ScopeName = "deployment_stats:read"
|
|
ScopeFileCreate ScopeName = "file:create"
|
|
ScopeFileRead ScopeName = "file:read"
|
|
ScopeGroupCreate ScopeName = "group:create"
|
|
ScopeGroupDelete ScopeName = "group:delete"
|
|
ScopeGroupRead ScopeName = "group:read"
|
|
ScopeGroupUpdate ScopeName = "group:update"
|
|
ScopeGroupMemberRead ScopeName = "group_member:read"
|
|
ScopeIdpsyncSettingsRead ScopeName = "idpsync_settings:read"
|
|
ScopeIdpsyncSettingsUpdate ScopeName = "idpsync_settings:update"
|
|
ScopeInboxNotificationCreate ScopeName = "inbox_notification:create"
|
|
ScopeInboxNotificationRead ScopeName = "inbox_notification:read"
|
|
ScopeInboxNotificationUpdate ScopeName = "inbox_notification:update"
|
|
ScopeLicenseCreate ScopeName = "license:create"
|
|
ScopeLicenseDelete ScopeName = "license:delete"
|
|
ScopeLicenseRead ScopeName = "license:read"
|
|
ScopeNotificationMessageCreate ScopeName = "notification_message:create"
|
|
ScopeNotificationMessageDelete ScopeName = "notification_message:delete"
|
|
ScopeNotificationMessageRead ScopeName = "notification_message:read"
|
|
ScopeNotificationMessageUpdate ScopeName = "notification_message:update"
|
|
ScopeNotificationPreferenceRead ScopeName = "notification_preference:read"
|
|
ScopeNotificationPreferenceUpdate ScopeName = "notification_preference:update"
|
|
ScopeNotificationTemplateRead ScopeName = "notification_template:read"
|
|
ScopeNotificationTemplateUpdate ScopeName = "notification_template:update"
|
|
ScopeOauth2AppCreate ScopeName = "oauth2_app:create"
|
|
ScopeOauth2AppDelete ScopeName = "oauth2_app:delete"
|
|
ScopeOauth2AppRead ScopeName = "oauth2_app:read"
|
|
ScopeOauth2AppUpdate ScopeName = "oauth2_app:update"
|
|
ScopeOauth2AppCodeTokenCreate ScopeName = "oauth2_app_code_token:create"
|
|
ScopeOauth2AppCodeTokenDelete ScopeName = "oauth2_app_code_token:delete"
|
|
ScopeOauth2AppCodeTokenRead ScopeName = "oauth2_app_code_token:read"
|
|
ScopeOauth2AppSecretCreate ScopeName = "oauth2_app_secret:create"
|
|
ScopeOauth2AppSecretDelete ScopeName = "oauth2_app_secret:delete"
|
|
ScopeOauth2AppSecretRead ScopeName = "oauth2_app_secret:read"
|
|
ScopeOauth2AppSecretUpdate ScopeName = "oauth2_app_secret:update"
|
|
ScopeOrganizationCreate ScopeName = "organization:create"
|
|
ScopeOrganizationDelete ScopeName = "organization:delete"
|
|
ScopeOrganizationRead ScopeName = "organization:read"
|
|
ScopeOrganizationUpdate ScopeName = "organization:update"
|
|
ScopeOrganizationMemberCreate ScopeName = "organization_member:create"
|
|
ScopeOrganizationMemberDelete ScopeName = "organization_member:delete"
|
|
ScopeOrganizationMemberRead ScopeName = "organization_member:read"
|
|
ScopeOrganizationMemberUpdate ScopeName = "organization_member:update"
|
|
ScopePrebuiltWorkspaceDelete ScopeName = "prebuilt_workspace:delete"
|
|
ScopePrebuiltWorkspaceUpdate ScopeName = "prebuilt_workspace:update"
|
|
ScopeProvisionerDaemonCreate ScopeName = "provisioner_daemon:create"
|
|
ScopeProvisionerDaemonDelete ScopeName = "provisioner_daemon:delete"
|
|
ScopeProvisionerDaemonRead ScopeName = "provisioner_daemon:read"
|
|
ScopeProvisionerDaemonUpdate ScopeName = "provisioner_daemon:update"
|
|
ScopeProvisionerJobsCreate ScopeName = "provisioner_jobs:create"
|
|
ScopeProvisionerJobsRead ScopeName = "provisioner_jobs:read"
|
|
ScopeProvisionerJobsUpdate ScopeName = "provisioner_jobs:update"
|
|
ScopeReplicasRead ScopeName = "replicas:read"
|
|
ScopeSystemCreate ScopeName = "system:create"
|
|
ScopeSystemDelete ScopeName = "system:delete"
|
|
ScopeSystemRead ScopeName = "system:read"
|
|
ScopeSystemUpdate ScopeName = "system:update"
|
|
ScopeTailnetCoordinatorCreate ScopeName = "tailnet_coordinator:create"
|
|
ScopeTailnetCoordinatorDelete ScopeName = "tailnet_coordinator:delete"
|
|
ScopeTailnetCoordinatorRead ScopeName = "tailnet_coordinator:read"
|
|
ScopeTailnetCoordinatorUpdate ScopeName = "tailnet_coordinator:update"
|
|
ScopeTemplateCreate ScopeName = "template:create"
|
|
ScopeTemplateDelete ScopeName = "template:delete"
|
|
ScopeTemplateRead ScopeName = "template:read"
|
|
ScopeTemplateUpdate ScopeName = "template:update"
|
|
ScopeTemplateUse ScopeName = "template:use"
|
|
ScopeTemplateViewInsights ScopeName = "template:view_insights"
|
|
ScopeUsageEventCreate ScopeName = "usage_event:create"
|
|
ScopeUsageEventRead ScopeName = "usage_event:read"
|
|
ScopeUsageEventUpdate ScopeName = "usage_event:update"
|
|
ScopeUserCreate ScopeName = "user:create"
|
|
ScopeUserDelete ScopeName = "user:delete"
|
|
ScopeUserRead ScopeName = "user:read"
|
|
ScopeUserReadPersonal ScopeName = "user:read_personal"
|
|
ScopeUserUpdate ScopeName = "user:update"
|
|
ScopeUserUpdatePersonal ScopeName = "user:update_personal"
|
|
ScopeUserSecretCreate ScopeName = "user_secret:create"
|
|
ScopeUserSecretDelete ScopeName = "user_secret:delete"
|
|
ScopeUserSecretRead ScopeName = "user_secret:read"
|
|
ScopeUserSecretUpdate ScopeName = "user_secret:update"
|
|
ScopeWebpushSubscriptionCreate ScopeName = "webpush_subscription:create"
|
|
ScopeWebpushSubscriptionDelete ScopeName = "webpush_subscription:delete"
|
|
ScopeWebpushSubscriptionRead ScopeName = "webpush_subscription:read"
|
|
ScopeWorkspaceApplicationConnect ScopeName = "workspace:application_connect"
|
|
ScopeWorkspaceCreate ScopeName = "workspace:create"
|
|
ScopeWorkspaceCreateAgent ScopeName = "workspace:create_agent"
|
|
ScopeWorkspaceDelete ScopeName = "workspace:delete"
|
|
ScopeWorkspaceDeleteAgent ScopeName = "workspace:delete_agent"
|
|
ScopeWorkspaceRead ScopeName = "workspace:read"
|
|
ScopeWorkspaceSsh ScopeName = "workspace:ssh"
|
|
ScopeWorkspaceStart ScopeName = "workspace:start"
|
|
ScopeWorkspaceStop ScopeName = "workspace:stop"
|
|
ScopeWorkspaceUpdate ScopeName = "workspace:update"
|
|
ScopeWorkspaceAgentDevcontainersCreate ScopeName = "workspace_agent_devcontainers:create"
|
|
ScopeWorkspaceAgentResourceMonitorCreate ScopeName = "workspace_agent_resource_monitor:create"
|
|
ScopeWorkspaceAgentResourceMonitorRead ScopeName = "workspace_agent_resource_monitor:read"
|
|
ScopeWorkspaceAgentResourceMonitorUpdate ScopeName = "workspace_agent_resource_monitor:update"
|
|
ScopeWorkspaceDormantApplicationConnect ScopeName = "workspace_dormant:application_connect"
|
|
ScopeWorkspaceDormantCreate ScopeName = "workspace_dormant:create"
|
|
ScopeWorkspaceDormantCreateAgent ScopeName = "workspace_dormant:create_agent"
|
|
ScopeWorkspaceDormantDelete ScopeName = "workspace_dormant:delete"
|
|
ScopeWorkspaceDormantDeleteAgent ScopeName = "workspace_dormant:delete_agent"
|
|
ScopeWorkspaceDormantRead ScopeName = "workspace_dormant:read"
|
|
ScopeWorkspaceDormantSsh ScopeName = "workspace_dormant:ssh"
|
|
ScopeWorkspaceDormantStart ScopeName = "workspace_dormant:start"
|
|
ScopeWorkspaceDormantStop ScopeName = "workspace_dormant:stop"
|
|
ScopeWorkspaceDormantUpdate ScopeName = "workspace_dormant:update"
|
|
ScopeWorkspaceProxyCreate ScopeName = "workspace_proxy:create"
|
|
ScopeWorkspaceProxyDelete ScopeName = "workspace_proxy:delete"
|
|
ScopeWorkspaceProxyRead ScopeName = "workspace_proxy:read"
|
|
ScopeWorkspaceProxyUpdate ScopeName = "workspace_proxy:update"
|
|
)
|
|
|
|
// Valid reports whether the ScopeName matches one of the known scope values.
|
|
// This includes both builtin scope names and generated low-level scopes.
|
|
// Builtins are sourced from rbac.BuiltinScopeNames() at generation time to
|
|
// ensure changes in rbac/scopes.go remain in sync here.
|
|
func (e ScopeName) Valid() bool {
|
|
switch e {
|
|
case ScopeName("coder:all"),
|
|
ScopeName("coder:application_connect"),
|
|
ScopeName("no_user_data"),
|
|
ScopeAibridgeInterceptionCreate,
|
|
ScopeAibridgeInterceptionRead,
|
|
ScopeAibridgeInterceptionUpdate,
|
|
ScopeApiKeyCreate,
|
|
ScopeApiKeyDelete,
|
|
ScopeApiKeyRead,
|
|
ScopeApiKeyUpdate,
|
|
ScopeAssignOrgRoleAssign,
|
|
ScopeAssignOrgRoleCreate,
|
|
ScopeAssignOrgRoleDelete,
|
|
ScopeAssignOrgRoleRead,
|
|
ScopeAssignOrgRoleUnassign,
|
|
ScopeAssignOrgRoleUpdate,
|
|
ScopeAssignRoleAssign,
|
|
ScopeAssignRoleRead,
|
|
ScopeAssignRoleUnassign,
|
|
ScopeAuditLogCreate,
|
|
ScopeAuditLogRead,
|
|
ScopeConnectionLogRead,
|
|
ScopeConnectionLogUpdate,
|
|
ScopeCryptoKeyCreate,
|
|
ScopeCryptoKeyDelete,
|
|
ScopeCryptoKeyRead,
|
|
ScopeCryptoKeyUpdate,
|
|
ScopeDebugInfoRead,
|
|
ScopeDeploymentConfigRead,
|
|
ScopeDeploymentConfigUpdate,
|
|
ScopeDeploymentStatsRead,
|
|
ScopeFileCreate,
|
|
ScopeFileRead,
|
|
ScopeGroupCreate,
|
|
ScopeGroupDelete,
|
|
ScopeGroupRead,
|
|
ScopeGroupUpdate,
|
|
ScopeGroupMemberRead,
|
|
ScopeIdpsyncSettingsRead,
|
|
ScopeIdpsyncSettingsUpdate,
|
|
ScopeInboxNotificationCreate,
|
|
ScopeInboxNotificationRead,
|
|
ScopeInboxNotificationUpdate,
|
|
ScopeLicenseCreate,
|
|
ScopeLicenseDelete,
|
|
ScopeLicenseRead,
|
|
ScopeNotificationMessageCreate,
|
|
ScopeNotificationMessageDelete,
|
|
ScopeNotificationMessageRead,
|
|
ScopeNotificationMessageUpdate,
|
|
ScopeNotificationPreferenceRead,
|
|
ScopeNotificationPreferenceUpdate,
|
|
ScopeNotificationTemplateRead,
|
|
ScopeNotificationTemplateUpdate,
|
|
ScopeOauth2AppCreate,
|
|
ScopeOauth2AppDelete,
|
|
ScopeOauth2AppRead,
|
|
ScopeOauth2AppUpdate,
|
|
ScopeOauth2AppCodeTokenCreate,
|
|
ScopeOauth2AppCodeTokenDelete,
|
|
ScopeOauth2AppCodeTokenRead,
|
|
ScopeOauth2AppSecretCreate,
|
|
ScopeOauth2AppSecretDelete,
|
|
ScopeOauth2AppSecretRead,
|
|
ScopeOauth2AppSecretUpdate,
|
|
ScopeOrganizationCreate,
|
|
ScopeOrganizationDelete,
|
|
ScopeOrganizationRead,
|
|
ScopeOrganizationUpdate,
|
|
ScopeOrganizationMemberCreate,
|
|
ScopeOrganizationMemberDelete,
|
|
ScopeOrganizationMemberRead,
|
|
ScopeOrganizationMemberUpdate,
|
|
ScopePrebuiltWorkspaceDelete,
|
|
ScopePrebuiltWorkspaceUpdate,
|
|
ScopeProvisionerDaemonCreate,
|
|
ScopeProvisionerDaemonDelete,
|
|
ScopeProvisionerDaemonRead,
|
|
ScopeProvisionerDaemonUpdate,
|
|
ScopeProvisionerJobsCreate,
|
|
ScopeProvisionerJobsRead,
|
|
ScopeProvisionerJobsUpdate,
|
|
ScopeReplicasRead,
|
|
ScopeSystemCreate,
|
|
ScopeSystemDelete,
|
|
ScopeSystemRead,
|
|
ScopeSystemUpdate,
|
|
ScopeTailnetCoordinatorCreate,
|
|
ScopeTailnetCoordinatorDelete,
|
|
ScopeTailnetCoordinatorRead,
|
|
ScopeTailnetCoordinatorUpdate,
|
|
ScopeTemplateCreate,
|
|
ScopeTemplateDelete,
|
|
ScopeTemplateRead,
|
|
ScopeTemplateUpdate,
|
|
ScopeTemplateUse,
|
|
ScopeTemplateViewInsights,
|
|
ScopeUsageEventCreate,
|
|
ScopeUsageEventRead,
|
|
ScopeUsageEventUpdate,
|
|
ScopeUserCreate,
|
|
ScopeUserDelete,
|
|
ScopeUserRead,
|
|
ScopeUserReadPersonal,
|
|
ScopeUserUpdate,
|
|
ScopeUserUpdatePersonal,
|
|
ScopeUserSecretCreate,
|
|
ScopeUserSecretDelete,
|
|
ScopeUserSecretRead,
|
|
ScopeUserSecretUpdate,
|
|
ScopeWebpushSubscriptionCreate,
|
|
ScopeWebpushSubscriptionDelete,
|
|
ScopeWebpushSubscriptionRead,
|
|
ScopeWorkspaceApplicationConnect,
|
|
ScopeWorkspaceCreate,
|
|
ScopeWorkspaceCreateAgent,
|
|
ScopeWorkspaceDelete,
|
|
ScopeWorkspaceDeleteAgent,
|
|
ScopeWorkspaceRead,
|
|
ScopeWorkspaceSsh,
|
|
ScopeWorkspaceStart,
|
|
ScopeWorkspaceStop,
|
|
ScopeWorkspaceUpdate,
|
|
ScopeWorkspaceAgentDevcontainersCreate,
|
|
ScopeWorkspaceAgentResourceMonitorCreate,
|
|
ScopeWorkspaceAgentResourceMonitorRead,
|
|
ScopeWorkspaceAgentResourceMonitorUpdate,
|
|
ScopeWorkspaceDormantApplicationConnect,
|
|
ScopeWorkspaceDormantCreate,
|
|
ScopeWorkspaceDormantCreateAgent,
|
|
ScopeWorkspaceDormantDelete,
|
|
ScopeWorkspaceDormantDeleteAgent,
|
|
ScopeWorkspaceDormantRead,
|
|
ScopeWorkspaceDormantSsh,
|
|
ScopeWorkspaceDormantStart,
|
|
ScopeWorkspaceDormantStop,
|
|
ScopeWorkspaceDormantUpdate,
|
|
ScopeWorkspaceProxyCreate,
|
|
ScopeWorkspaceProxyDelete,
|
|
ScopeWorkspaceProxyRead,
|
|
ScopeWorkspaceProxyUpdate:
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// AllScopeNameValues returns a slice containing all known scope values,
|
|
// including builtin and generated low-level scopes.
|
|
func AllScopeNameValues() []ScopeName {
|
|
return []ScopeName{
|
|
ScopeName("coder:all"),
|
|
ScopeName("coder:application_connect"),
|
|
ScopeName("no_user_data"),
|
|
ScopeAibridgeInterceptionCreate,
|
|
ScopeAibridgeInterceptionRead,
|
|
ScopeAibridgeInterceptionUpdate,
|
|
ScopeApiKeyCreate,
|
|
ScopeApiKeyDelete,
|
|
ScopeApiKeyRead,
|
|
ScopeApiKeyUpdate,
|
|
ScopeAssignOrgRoleAssign,
|
|
ScopeAssignOrgRoleCreate,
|
|
ScopeAssignOrgRoleDelete,
|
|
ScopeAssignOrgRoleRead,
|
|
ScopeAssignOrgRoleUnassign,
|
|
ScopeAssignOrgRoleUpdate,
|
|
ScopeAssignRoleAssign,
|
|
ScopeAssignRoleRead,
|
|
ScopeAssignRoleUnassign,
|
|
ScopeAuditLogCreate,
|
|
ScopeAuditLogRead,
|
|
ScopeConnectionLogRead,
|
|
ScopeConnectionLogUpdate,
|
|
ScopeCryptoKeyCreate,
|
|
ScopeCryptoKeyDelete,
|
|
ScopeCryptoKeyRead,
|
|
ScopeCryptoKeyUpdate,
|
|
ScopeDebugInfoRead,
|
|
ScopeDeploymentConfigRead,
|
|
ScopeDeploymentConfigUpdate,
|
|
ScopeDeploymentStatsRead,
|
|
ScopeFileCreate,
|
|
ScopeFileRead,
|
|
ScopeGroupCreate,
|
|
ScopeGroupDelete,
|
|
ScopeGroupRead,
|
|
ScopeGroupUpdate,
|
|
ScopeGroupMemberRead,
|
|
ScopeIdpsyncSettingsRead,
|
|
ScopeIdpsyncSettingsUpdate,
|
|
ScopeInboxNotificationCreate,
|
|
ScopeInboxNotificationRead,
|
|
ScopeInboxNotificationUpdate,
|
|
ScopeLicenseCreate,
|
|
ScopeLicenseDelete,
|
|
ScopeLicenseRead,
|
|
ScopeNotificationMessageCreate,
|
|
ScopeNotificationMessageDelete,
|
|
ScopeNotificationMessageRead,
|
|
ScopeNotificationMessageUpdate,
|
|
ScopeNotificationPreferenceRead,
|
|
ScopeNotificationPreferenceUpdate,
|
|
ScopeNotificationTemplateRead,
|
|
ScopeNotificationTemplateUpdate,
|
|
ScopeOauth2AppCreate,
|
|
ScopeOauth2AppDelete,
|
|
ScopeOauth2AppRead,
|
|
ScopeOauth2AppUpdate,
|
|
ScopeOauth2AppCodeTokenCreate,
|
|
ScopeOauth2AppCodeTokenDelete,
|
|
ScopeOauth2AppCodeTokenRead,
|
|
ScopeOauth2AppSecretCreate,
|
|
ScopeOauth2AppSecretDelete,
|
|
ScopeOauth2AppSecretRead,
|
|
ScopeOauth2AppSecretUpdate,
|
|
ScopeOrganizationCreate,
|
|
ScopeOrganizationDelete,
|
|
ScopeOrganizationRead,
|
|
ScopeOrganizationUpdate,
|
|
ScopeOrganizationMemberCreate,
|
|
ScopeOrganizationMemberDelete,
|
|
ScopeOrganizationMemberRead,
|
|
ScopeOrganizationMemberUpdate,
|
|
ScopePrebuiltWorkspaceDelete,
|
|
ScopePrebuiltWorkspaceUpdate,
|
|
ScopeProvisionerDaemonCreate,
|
|
ScopeProvisionerDaemonDelete,
|
|
ScopeProvisionerDaemonRead,
|
|
ScopeProvisionerDaemonUpdate,
|
|
ScopeProvisionerJobsCreate,
|
|
ScopeProvisionerJobsRead,
|
|
ScopeProvisionerJobsUpdate,
|
|
ScopeReplicasRead,
|
|
ScopeSystemCreate,
|
|
ScopeSystemDelete,
|
|
ScopeSystemRead,
|
|
ScopeSystemUpdate,
|
|
ScopeTailnetCoordinatorCreate,
|
|
ScopeTailnetCoordinatorDelete,
|
|
ScopeTailnetCoordinatorRead,
|
|
ScopeTailnetCoordinatorUpdate,
|
|
ScopeTemplateCreate,
|
|
ScopeTemplateDelete,
|
|
ScopeTemplateRead,
|
|
ScopeTemplateUpdate,
|
|
ScopeTemplateUse,
|
|
ScopeTemplateViewInsights,
|
|
ScopeUsageEventCreate,
|
|
ScopeUsageEventRead,
|
|
ScopeUsageEventUpdate,
|
|
ScopeUserCreate,
|
|
ScopeUserDelete,
|
|
ScopeUserRead,
|
|
ScopeUserReadPersonal,
|
|
ScopeUserUpdate,
|
|
ScopeUserUpdatePersonal,
|
|
ScopeUserSecretCreate,
|
|
ScopeUserSecretDelete,
|
|
ScopeUserSecretRead,
|
|
ScopeUserSecretUpdate,
|
|
ScopeWebpushSubscriptionCreate,
|
|
ScopeWebpushSubscriptionDelete,
|
|
ScopeWebpushSubscriptionRead,
|
|
ScopeWorkspaceApplicationConnect,
|
|
ScopeWorkspaceCreate,
|
|
ScopeWorkspaceCreateAgent,
|
|
ScopeWorkspaceDelete,
|
|
ScopeWorkspaceDeleteAgent,
|
|
ScopeWorkspaceRead,
|
|
ScopeWorkspaceSsh,
|
|
ScopeWorkspaceStart,
|
|
ScopeWorkspaceStop,
|
|
ScopeWorkspaceUpdate,
|
|
ScopeWorkspaceAgentDevcontainersCreate,
|
|
ScopeWorkspaceAgentResourceMonitorCreate,
|
|
ScopeWorkspaceAgentResourceMonitorRead,
|
|
ScopeWorkspaceAgentResourceMonitorUpdate,
|
|
ScopeWorkspaceDormantApplicationConnect,
|
|
ScopeWorkspaceDormantCreate,
|
|
ScopeWorkspaceDormantCreateAgent,
|
|
ScopeWorkspaceDormantDelete,
|
|
ScopeWorkspaceDormantDeleteAgent,
|
|
ScopeWorkspaceDormantRead,
|
|
ScopeWorkspaceDormantSsh,
|
|
ScopeWorkspaceDormantStart,
|
|
ScopeWorkspaceDormantStop,
|
|
ScopeWorkspaceDormantUpdate,
|
|
ScopeWorkspaceProxyCreate,
|
|
ScopeWorkspaceProxyDelete,
|
|
ScopeWorkspaceProxyRead,
|
|
ScopeWorkspaceProxyUpdate,
|
|
}
|
|
}
|