Scope & Role Definitions
- This document maps each role to the set of scopes it is associated with behind the scenes
- Each scope represents an action that a user can take on the platform
- A role associated with a set of scopes gives the user permission to perform those scopes (actions) either
  - on a resource
  - on the platform
Resource Scopes
This table details the available scopes for each resource
| Resource | Permissions |
|---|---|
| Model | model:get, model:edit, model:delete, model:getGuardDashboard, model:getAssociatedPolicies, model:getMonitoringLogs, model:applyPolicy, model:getEvalDashboard, model:createTest, model:getAllTests, model:getTest, model:deleteTest |
| Dataset | dataset:get, dataset:edit, dataset:delete, dataset:createTest |
| Policy | policy:get, policy:edit, policy:delete, policy:train, policy:version, policy:feedback |
Roles to Scopes mapping
Organizational Level Permissions
This lists the scopes that users have when they're given a specific role at the org level
| Role | Permissions |
|---|---|
| DynamoGuard Admin | model:create, model:get, model:edit, model:delete, policy:create, policy:get, policy:edit, policy:delete |
| DynamoGuard Developer | model:create, policy:create |
| DynamoGuard Member | NA |
| DynamoEval Admin | model:create, model:get, model:edit, model:delete, dataset:create, dataset:get, dataset:edit, dataset:delete |
| DynamoEval Developer | model:create, dataset:create |
| DynamoEval Member | NA |
| IAM Admin | user:create, user:setRole, user:get, user:delete, role:get |
| IAM Editor | user:create, user:setRole, user:get, role:get |
| IAM Viewer | user:get, role:get |
Resource Role Mapping to Permissions
This lists the scopes given to a user when a resource is shared with them under a given role
| Resource | Role | Scopes |
|---|---|---|
| Model | DynamoGuard Owner | model:get, model:edit, model:delete, model:getGuardDashboard, model:getAssociatedPolicies, model:getMonitoringLogs, model:applyPolicy |
| Model | DynamoEval Owner | model:get, model:edit, model:delete, model:getEvalDashboard, model:createTest, model:getAllTests, model:getTest, model:deleteTest |
| Model | DynamoGuard Editor | model:get, model:edit, model:getGuardDashboard, model:getAssociatedPolicies, model:getMonitoringLogs, model:applyPolicy |
| Model | DynamoEval Editor | model:get, model:edit, model:getEvalDashboard, model:createTest, model:getAllTests, model:getTest, model:deleteTest |
| Model | DynamoGuard Viewer | model:get, model:getGuardDashboard, model:getAssociatedPolicies, model:getMonitoringLogs |
| Model | DynamoEval Viewer | model:get, model:getEvalDashboard, model:getAllTests, model:getTest |
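
The Model rows of the tables above can be audited mechanically. The following is an added example, not the platform's own code: it checks that every scope a resource role grants is listed in the Resource Scopes table and reports what each step from Viewer to Editor to Owner adds. The function names and the deny-by-default check are assumptions; the page does not describe how the platform enforces scopes.

```python
# Added example: data transcribed from the Model rows of the tables above.
MODEL_SCOPES = {"model:" + s for s in (
    "get edit delete getGuardDashboard getAssociatedPolicies getMonitoringLogs "
    "applyPolicy getEvalDashboard createTest getAllTests getTest deleteTest").split()}

MODEL_ROLE_SCOPES = {
    "DynamoGuard Owner": "get edit delete getGuardDashboard getAssociatedPolicies "
                         "getMonitoringLogs applyPolicy",
    "DynamoEval Owner": "get edit delete getEvalDashboard createTest getAllTests "
                        "getTest deleteTest",
    "DynamoGuard Editor": "get edit getGuardDashboard getAssociatedPolicies "
                          "getMonitoringLogs applyPolicy",
    "DynamoEval Editor": "get edit getEvalDashboard createTest getAllTests "
                         "getTest deleteTest",
    "DynamoGuard Viewer": "get getGuardDashboard getAssociatedPolicies "
                          "getMonitoringLogs",
    "DynamoEval Viewer": "get getEvalDashboard getAllTests getTest",
}

def scopes(role):
    """Scopes a resource role grants on a model, as a set of 'model:<action>'."""
    return {"model:" + s for s in MODEL_ROLE_SCOPES[role].split()}

def is_allowed(role, scope):
    """Assumed deny-by-default check: unknown roles or unlisted scopes are refused."""
    return role in MODEL_ROLE_SCOPES and scope in scopes(role)

def undeclared_scopes():
    """Scopes some role grants that the Resource Scopes table does not list."""
    granted = set().union(*(scopes(r) for r in MODEL_ROLE_SCOPES))
    return granted - MODEL_SCOPES

def tier_deltas(product):
    """Scopes added at each step Viewer -> Editor -> Owner for one product."""
    tiers = [scopes(f"{product} {t}") for t in ("Viewer", "Editor", "Owner")]
    deltas = []
    for lower, higher in zip(tiers, tiers[1:]):
        if not lower <= higher:  # a higher tier must never lose a scope
            raise ValueError(f"{product}: tier drops {sorted(lower - higher)}")
        deltas.append(sorted(higher - lower))
    return deltas

if __name__ == "__main__":
    print("undeclared:", undeclared_scopes())
    for product in ("DynamoGuard", "DynamoEval"):
        print(product, tier_deltas(product))
```

Re-running the audit after any change to the role tables flags a role that grants an unlisted scope or a higher tier that silently loses one.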