From 78190bbdcea16daf997db7e06469d968e40b5604 Mon Sep 17 00:00:00 2001 From: Peter Hamilton Date: Mon, 19 Feb 2018 12:25:21 -0500 Subject: [PATCH] Update operation policy file examples This change updates the operation policy files provided under the examples directory to reflect the new group-based policy model. A future patch will include documentation describing this model. --- examples/legacy_policy.json | 166 ++++++++++++++++++ examples/policy.json | 324 ++++++++++++++++++------------------ 2 files changed, 329 insertions(+), 161 deletions(-) create mode 100644 examples/legacy_policy.json diff --git a/examples/legacy_policy.json b/examples/legacy_policy.json new file mode 100644 index 0000000..2f8b04a --- /dev/null +++ b/examples/legacy_policy.json @@ -0,0 +1,166 @@ +{ + "example": { + "CERTIFICATE": { + "LOCATE": "ALLOW_ALL", + "CHECK": "ALLOW_ALL", + "GET": "ALLOW_ALL", + "GET_ATTRIBUTES": "ALLOW_ALL", + "GET_ATTRIBUTE_LIST": "ALLOW_ALL", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_ALL", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "SYMMETRIC_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "PUBLIC_KEY": { + "LOCATE": "ALLOW_ALL", + "CHECK": "ALLOW_ALL", + "GET": "ALLOW_ALL", + "GET_ATTRIBUTES": "ALLOW_ALL", + "GET_ATTRIBUTE_LIST": "ALLOW_ALL", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_ALL", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "PRIVATE_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "SPLIT_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "TEMPLATE": { + "LOCATE": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER" + }, + "SECRET_DATA": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "OPAQUE_DATA": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "PGP_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + } + } +} diff --git a/examples/policy.json b/examples/policy.json index 2f8b04a..f683b7e 100644 --- a/examples/policy.json +++ b/examples/policy.json @@ -1,166 +1,168 @@ { "example": { - "CERTIFICATE": { - "LOCATE": "ALLOW_ALL", - "CHECK": "ALLOW_ALL", - "GET": "ALLOW_ALL", - "GET_ATTRIBUTES": "ALLOW_ALL", - "GET_ATTRIBUTE_LIST": "ALLOW_ALL", - "ADD_ATTRIBUTE": "ALLOW_OWNER", - "MODIFY_ATTRIBUTE": "ALLOW_OWNER", - "DELETE_ATTRIBUTE": "ALLOW_OWNER", - "OBTAIN_LEASE": "ALLOW_ALL", - "ACTIVATE": "ALLOW_OWNER", - "REVOKE": "ALLOW_OWNER", - "DESTROY": "ALLOW_OWNER", - "ARCHIVE": "ALLOW_OWNER", - "RECOVER": "ALLOW_OWNER" - }, - "SYMMETRIC_KEY": { - "REKEY": "ALLOW_OWNER", - "REKEY_KEY_PAIR": "ALLOW_OWNER", - "DERIVE_KEY": "ALLOW_OWNER", - "LOCATE": "ALLOW_OWNER", - "CHECK": "ALLOW_OWNER", - "GET": "ALLOW_OWNER", - "GET_ATTRIBUTES": "ALLOW_OWNER", - "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", - "ADD_ATTRIBUTE": "ALLOW_OWNER", - "MODIFY_ATTRIBUTE": "ALLOW_OWNER", - "DELETE_ATTRIBUTE": "ALLOW_OWNER", - "OBTAIN_LEASE": "ALLOW_OWNER", - "GET_USAGE_ALLOCATION": "ALLOW_OWNER", - "ACTIVATE": "ALLOW_OWNER", - "REVOKE": "ALLOW_OWNER", - "DESTROY": "ALLOW_OWNER", - "ARCHIVE": "ALLOW_OWNER", - "RECOVER": "ALLOW_OWNER" - }, - "PUBLIC_KEY": { - "LOCATE": "ALLOW_ALL", - "CHECK": "ALLOW_ALL", - "GET": "ALLOW_ALL", - "GET_ATTRIBUTES": "ALLOW_ALL", - "GET_ATTRIBUTE_LIST": "ALLOW_ALL", - "ADD_ATTRIBUTE": "ALLOW_OWNER", - "MODIFY_ATTRIBUTE": "ALLOW_OWNER", - "DELETE_ATTRIBUTE": "ALLOW_OWNER", - "OBTAIN_LEASE": "ALLOW_ALL", - "ACTIVATE": "ALLOW_OWNER", - "REVOKE": "ALLOW_OWNER", - "DESTROY": "ALLOW_OWNER", - "ARCHIVE": "ALLOW_OWNER", - "RECOVER": "ALLOW_OWNER" - }, - "PRIVATE_KEY": { - "REKEY": "ALLOW_OWNER", - "REKEY_KEY_PAIR": "ALLOW_OWNER", - "DERIVE_KEY": "ALLOW_OWNER", - "LOCATE": "ALLOW_OWNER", - "CHECK": "ALLOW_OWNER", - "GET": "ALLOW_OWNER", - "GET_ATTRIBUTES": "ALLOW_OWNER", - "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", - "ADD_ATTRIBUTE": "ALLOW_OWNER", - "MODIFY_ATTRIBUTE": "ALLOW_OWNER", - "DELETE_ATTRIBUTE": "ALLOW_OWNER", - "OBTAIN_LEASE": "ALLOW_OWNER", - "GET_USAGE_ALLOCATION": "ALLOW_OWNER", - "ACTIVATE": "ALLOW_OWNER", - "REVOKE": "ALLOW_OWNER", - "DESTROY": "ALLOW_OWNER", - "ARCHIVE": "ALLOW_OWNER", - "RECOVER": "ALLOW_OWNER" - }, - "SPLIT_KEY": { - "REKEY": "ALLOW_OWNER", - "REKEY_KEY_PAIR": "ALLOW_OWNER", - "DERIVE_KEY": "ALLOW_OWNER", - "LOCATE": "ALLOW_OWNER", - "CHECK": "ALLOW_OWNER", - "GET": "ALLOW_OWNER", - "GET_ATTRIBUTES": "ALLOW_OWNER", - "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", - "ADD_ATTRIBUTE": "ALLOW_OWNER", - "MODIFY_ATTRIBUTE": "ALLOW_OWNER", - "DELETE_ATTRIBUTE": "ALLOW_OWNER", - "OBTAIN_LEASE": "ALLOW_OWNER", - "GET_USAGE_ALLOCATION": "ALLOW_OWNER", - "ACTIVATE": "ALLOW_OWNER", - "REVOKE": "ALLOW_OWNER", - "DESTROY": "ALLOW_OWNER", - "ARCHIVE": "ALLOW_OWNER", - "RECOVER": "ALLOW_OWNER" - }, - "TEMPLATE": { - "LOCATE": "ALLOW_OWNER", - "GET": "ALLOW_OWNER", - "GET_ATTRIBUTES": "ALLOW_OWNER", - "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", - "ADD_ATTRIBUTE": "ALLOW_OWNER", - "MODIFY_ATTRIBUTE": "ALLOW_OWNER", - "DELETE_ATTRIBUTE": "ALLOW_OWNER", - "DESTROY": "ALLOW_OWNER" - }, - "SECRET_DATA": { - "REKEY": "ALLOW_OWNER", - "REKEY_KEY_PAIR": "ALLOW_OWNER", - "DERIVE_KEY": "ALLOW_OWNER", - "LOCATE": "ALLOW_OWNER", - "CHECK": "ALLOW_OWNER", - "GET": "ALLOW_OWNER", - "GET_ATTRIBUTES": "ALLOW_OWNER", - "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", - "ADD_ATTRIBUTE": "ALLOW_OWNER", - "MODIFY_ATTRIBUTE": "ALLOW_OWNER", - "DELETE_ATTRIBUTE": "ALLOW_OWNER", - "OBTAIN_LEASE": "ALLOW_OWNER", - "GET_USAGE_ALLOCATION": "ALLOW_OWNER", - "ACTIVATE": "ALLOW_OWNER", - "REVOKE": "ALLOW_OWNER", - "DESTROY": "ALLOW_OWNER", - "ARCHIVE": "ALLOW_OWNER", - "RECOVER": "ALLOW_OWNER" - }, - "OPAQUE_DATA": { - "REKEY": "ALLOW_OWNER", - "REKEY_KEY_PAIR": "ALLOW_OWNER", - "DERIVE_KEY": "ALLOW_OWNER", - "LOCATE": "ALLOW_OWNER", - "CHECK": "ALLOW_OWNER", - "GET": "ALLOW_OWNER", - "GET_ATTRIBUTES": "ALLOW_OWNER", - "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", - "ADD_ATTRIBUTE": "ALLOW_OWNER", - "MODIFY_ATTRIBUTE": "ALLOW_OWNER", - "DELETE_ATTRIBUTE": "ALLOW_OWNER", - "OBTAIN_LEASE": "ALLOW_OWNER", - "GET_USAGE_ALLOCATION": "ALLOW_OWNER", - "ACTIVATE": "ALLOW_OWNER", - "REVOKE": "ALLOW_OWNER", - "DESTROY": "ALLOW_OWNER", - "ARCHIVE": "ALLOW_OWNER", - "RECOVER": "ALLOW_OWNER" - }, - "PGP_KEY": { - "REKEY": "ALLOW_OWNER", - "REKEY_KEY_PAIR": "ALLOW_OWNER", - "DERIVE_KEY": "ALLOW_OWNER", - "LOCATE": "ALLOW_OWNER", - "CHECK": "ALLOW_OWNER", - "GET": "ALLOW_OWNER", - "GET_ATTRIBUTES": "ALLOW_OWNER", - "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", - "ADD_ATTRIBUTE": "ALLOW_OWNER", - "MODIFY_ATTRIBUTE": "ALLOW_OWNER", - "DELETE_ATTRIBUTE": "ALLOW_OWNER", - "OBTAIN_LEASE": "ALLOW_OWNER", - "GET_USAGE_ALLOCATION": "ALLOW_OWNER", - "ACTIVATE": "ALLOW_OWNER", - "REVOKE": "ALLOW_OWNER", - "DESTROY": "ALLOW_OWNER", - "ARCHIVE": "ALLOW_OWNER", - "RECOVER": "ALLOW_OWNER" + "default": { + "CERTIFICATE": { + "LOCATE": "ALLOW_ALL", + "CHECK": "ALLOW_ALL", + "GET": "ALLOW_ALL", + "GET_ATTRIBUTES": "ALLOW_ALL", + "GET_ATTRIBUTE_LIST": "ALLOW_ALL", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_ALL", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "SYMMETRIC_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "PUBLIC_KEY": { + "LOCATE": "ALLOW_ALL", + "CHECK": "ALLOW_ALL", + "GET": "ALLOW_ALL", + "GET_ATTRIBUTES": "ALLOW_ALL", + "GET_ATTRIBUTE_LIST": "ALLOW_ALL", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_ALL", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "PRIVATE_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "SPLIT_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "TEMPLATE": { + "LOCATE": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER" + }, + "SECRET_DATA": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "OPAQUE_DATA": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + }, + "PGP_KEY": { + "REKEY": "ALLOW_OWNER", + "REKEY_KEY_PAIR": "ALLOW_OWNER", + "DERIVE_KEY": "ALLOW_OWNER", + "LOCATE": "ALLOW_OWNER", + "CHECK": "ALLOW_OWNER", + "GET": "ALLOW_OWNER", + "GET_ATTRIBUTES": "ALLOW_OWNER", + "GET_ATTRIBUTE_LIST": "ALLOW_OWNER", + "ADD_ATTRIBUTE": "ALLOW_OWNER", + "MODIFY_ATTRIBUTE": "ALLOW_OWNER", + "DELETE_ATTRIBUTE": "ALLOW_OWNER", + "OBTAIN_LEASE": "ALLOW_OWNER", + "GET_USAGE_ALLOCATION": "ALLOW_OWNER", + "ACTIVATE": "ALLOW_OWNER", + "REVOKE": "ALLOW_OWNER", + "DESTROY": "ALLOW_OWNER", + "ARCHIVE": "ALLOW_OWNER", + "RECOVER": "ALLOW_OWNER" + } } } }