--- /dev/null
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+ # The most common configuration options are documented and commented below.
+ # For a complete reference, please see the online documentation at
+ # https://docs.vagrantup.com.
+
+ # Every Vagrant development environment requires a box. You can search for
+ # boxes at https://atlas.hashicorp.com/search.
+ config.vm.box = "xenial64-python27"
+
+ # Disable automatic box update checking. If you disable this, then
+ # boxes will only be checked for updates when the user runs
+ # `vagrant box outdated`. This is not recommended.
+ # config.vm.box_check_update = false
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine. In the example below,
+ # accessing "localhost:8080" will access port 80 on the guest machine.
+ # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+ # Create a private network, which allows host-only access to the machine
+ # using a specific IP.
+ # config.vm.network "private_network", ip: "192.168.33.10"
+
+ # Create a public network, which generally matched to bridged network.
+ # Bridged networks make the machine appear as another physical device on
+ # your network.
+ config.vm.network "public_network"
+
+ # Share an additional folder to the guest VM. The first argument is
+ # the path on the host to the actual folder. The second argument is
+ # the path on the guest to mount the folder. And the optional third
+ # argument is a set of non-required options.
+ # config.vm.synced_folder "../data", "/vagrant_data"
+
+ # Provider-specific configuration so you can fine-tune various
+ # backing providers for Vagrant. These expose provider-specific options.
+ # Example for VirtualBox:
+ #
+ config.vm.provider "virtualbox" do |vb|
+ # # Display the VirtualBox GUI when booting the machine
+ # vb.gui = true
+ #
+ # # Customize the amount of memory on the VM:
+ vb.memory = "4096"
+ vb.cpus = "1"
+ end
+ #
+ # View the documentation for the provider you are using for more
+ # information on available options.
+
+ # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
+ # such as FTP and Heroku are also available. See the documentation at
+ # https://docs.vagrantup.com/v2/push/atlas.html for more information.
+ # config.push.define "atlas" do |push|
+ # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
+ # end
+
+ # Enable provisioning with a shell script. Additional provisioners such as
+ # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+ # documentation for more information about their specific syntax and use.
+ # config.vm.provision "shell", inline: <<-SHELL
+
+ # SHELL
+end
--- /dev/null
+#!/usr/bin/env bash
+
+apt-get update
+apt-get install -y python3-dev python3-pip git
+pip3 install pip --upgrade
+echo 127.0.0.1 messenger db keystone | tee -a /etc/hosts
+apt-get install -y apt-transport-https ca-certificates curl software-properties-common
+apt-get update
+
+curl -sSL https://get.docker.com | sh
+docker run hello-world
+groupadd docker
+gpasswd -a ${USER} docker
+service docker restart
+
+cd
+git clone https://git.opnfv.org/moon
+cd moon/moonv4
+export MOON_HOME=$(pwd)
+sudo ln -s $(pwd)/moon_orchestrator/conf /etc/moon
+
+docker network create -d bridge --subnet=172.18.0.0/16 --gateway=172.18.0.1 moon
+docker load -i /vagrant/keystone.tar
+
+docker run -dti --net=moon --hostname messenger --name messenger --link messenger:messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=p4sswOrd1 -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -p 5671:5671 -p 5672:5672 rabbitmq:3-management
+docker run -dti --net=moon --hostname db --name db -e MYSQL_ROOT_PASSWORD=p4sswOrd1 -e MYSQL_DATABASE=moon -e MYSQL_USER=moon -e MYSQL_PASSWORD=p4sswOrd1 -p 3306:3306 mysql:latest
+
+bash ${MOON_HOME}/bin/build_all.sh
+
+cd ${MOON_HOME}/moon_orchestrator
+pip3 install pip --upgrade
+source ${MOON_HOME}/bin/build_all.sh
+pip3 install -r requirements.txt --upgrade
+pip3 install ${MOON_HOME}/moon_orchestrator/dist/moon_db-0.1.0.tar.gz --upgrade
+pip3 install ${MOON_HOME}/moon_orchestrator/dist/moon_utilities-0.1.0.tar.gz --upgrade
+pip3 install . --upgrade
+
+echo "waiting for Database (it may take time)..."
+echo -e "\033[35m"
+sed '/ready for connections/q' <(docker logs db -f)
+echo -e "\033[m"
+
+echo "waiting for Messenger (it may take time)..."
+echo -e "\033[35m"
+sed '/Server startup complete;/q' <(docker logs messenger -f)
+echo -e "\033[m"
+
+
+docker run -dti --net moon --name keystone --hostname=keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone_mitaka:latest
+
+echo moon_orchestrator
--- /dev/null
+#!/usr/bin/env bash
+
+TEST_SCRIPT=${MOON_HOME}/moon_interface/tests/apitests/set_authz.py
+POPULATE_SCRIPT=${MOON_HOME}/moon_interface/tests/apitests/populate_default_values.py
+RESULT_DIR=${MOON_HOME}/tests/01_smpolicy_average_latency/ida/c6
+SCENARIO_RBAC=${MOON_HOME}/tests/01_smpolicy_average_latency/rbac_10.py
+SCENARIO_SESSION=${MOON_HOME}/tests/01_smpolicy_average_latency/session.py
+
+mkdir -p ${RESULT_DIR} 2>/dev/null
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC}
+# python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_1.json" --write-html="${RESULT_DIR}/data_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_5.json" --write-html="${RESULT_DIR}/data_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_15.json" --write-html="${RESULT_DIR}/data_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_10.json" --write-html="${RESULT_DIR}/data_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_20.json" --write-html="${RESULT_DIR}/data_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_25.json" --write-html="${RESULT_DIR}/data_25.html" ${SCENARIO_RBAC}
--- /dev/null
+#!/usr/bin/env bash
+
+DIR=$1
+
+cd ${DIR}
+
+#python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+# --input="data_1.json,data_1bis.json,data_20.json" \
+# --legend="1 req/s,1bis req/s,20 req/s" \
+# -d
+python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+ --input="data_1.json,data_2.json,data_3.json,data_4.json,data_5.json,data_10.json,data_20.json,data_25.json" \
+ --legend="1 req/s,2 req/s,3 req/s,4 req/s,5 req/s,10 req/s,20 req/s,25 req/s" \
+ --plot-result="*" \
+ --plot-average \
+ -d
+#python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+# --input="data_1.json,data_2.json,data_3.json,data_4.json,data_5.json,data_10.json,data_15.json,data_20.json,data_25.json" \
+# --legend="1 req/s,2 req/s,3 req/s,4 req/s,5 req/s,10 req/s,15 req/s,20 req/s,25 req/s" \
+# -d
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+}
+objects = {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+}
+actions = {
+ "start": "",
+ "stop": "",
+ "pause": "",
+ "unpause": "",
+ "destroy": "",
+}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "*": ""
+}}
+object_data = {"id": {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+ "*": ""
+}}
+action_data = {"action-type": {
+ "vm-read": "",
+ "vm-write": "",
+ "*": ""
+}}
+
+subject_assignments = {
+ "user0": ({"role": "employee"}, {"role": "*"}),
+ "user1": ({"role": "employee"}, {"role": "*"}),
+ "user2": ({"role": "dev1"}, {"role": "*"}),
+ "user3": ({"role": "dev1"}, {"role": "*"}),
+ "user4": ({"role": "dev1"}, {"role": "*"}),
+ "user5": ({"role": "dev1"}, {"role": "*"}),
+ "user6": ({"role": "dev2"}, {"role": "*"}),
+ "user7": ({"role": "dev2"}, {"role": "*"}),
+ "user8": ({"role": "dev2"}, {"role": "*"}),
+ "user9": ({"role": "dev2"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0": ({"id": "vm0"}, {"id": "*"}),
+ "vm1": ({"id": "vm1"}, {"id": "*"}),
+ "vm2": ({"id": "vm2"}, {"id": "*"}),
+ "vm3": ({"id": "vm3"}, {"id": "*"}),
+ "vm4": ({"id": "vm4"}, {"id": "*"}),
+ "vm5": ({"id": "vm5"}, {"id": "*"}),
+ "vm6": ({"id": "vm6"}, {"id": "*"}),
+ "vm7": ({"id": "vm7"}, {"id": "*"}),
+ "vm8": ({"id": "vm8"}, {"id": "*"}),
+ "vm9": ({"id": "vm9"}, {"id": "*"}),
+}
+action_assignments = {
+ "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("admin", "vm0", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all employee to do read actions to all VM except vm0
+ {
+ "rule": ("employee", "vm1", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm2", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm3", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm4", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm5", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm6", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm7", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm8", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm9", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev1 to do read actions to some VM
+ {
+ "rule": ("dev1", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev2 to do read actions to some VM
+ {
+ "rule": ("dev2", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
--- /dev/null
+#!/usr/bin/env bash
+
+TEST_SCRIPT=${MOON_HOME}/moon_interface/tests/apitests/set_authz.py
+POPULATE_SCRIPT=${MOON_HOME}/moon_interface/tests/apitests/populate_default_values.py
+RESULT_DIR=${MOON_HOME}/tests/02_smpolicy_chaining_overhead/10_users_rbac
+SCENARIO_RBAC=${MOON_HOME}/tests/02_smpolicy_chaining_overhead/rbac_10.py
+SCENARIO_SESSION=${MOON_HOME}/tests/02_smpolicy_chaining_overhead/session.py
+
+mkdir -p ${RESULT_DIR} 2>/dev/null
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC}
+# python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_1.json" --write-html="${RESULT_DIR}/data_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_2.json" --write-html="${RESULT_DIR}/data_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_3.json" --write-html="${RESULT_DIR}/data_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_4.json" --write-html="${RESULT_DIR}/data_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_5.json" --write-html="${RESULT_DIR}/data_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_10.json" --write-html="${RESULT_DIR}/data_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_15.json" --write-html="${RESULT_DIR}/data_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_20.json" --write-html="${RESULT_DIR}/data_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_25.json" --write-html="${RESULT_DIR}/data_25.html" ${SCENARIO_RBAC}
--- /dev/null
+#!/usr/bin/env bash
+
+DIR=$1
+
+cd ${DIR}
+
+python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+ --input="data_1.json,data_2.json,data_3.json,data_4.json,data_5.json,data_10.json,data_15.json,data_20.json" \
+ --legend="1 req/s,2 req/s,3 req/s,4 req/s,5 req/s,10 req/s,15 req/s,20 req/s" \
+ --plot-result="Deny" \
+ --plot-average \
+ -d
+#python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+# --input="data_1.json,data_5.json,data_10.json,data_15.json,data_20.json" \
+# --legend="1 req/s,5 req/s,10 req/s,15 req/s,20 req/s" \
+# -d
+#python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+# --input="data_1.json,data_2.json,data_3.json,data_4.json,data_5.json,data_10.json,data_15.json,data_20.json,data_25.json" \
+# --legend="1 req/s,2 req/s,3 req/s,4 req/s,5 req/s,10 req/s,15 req/s,20 req/s,25 req/s" \
+# -d
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+}
+objects = {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+}
+actions = {
+ "start": "",
+ "stop": "",
+ "pause": "",
+ "unpause": "",
+ "destroy": "",
+}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "*": ""
+}}
+object_data = {"id": {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+ "*": ""
+}}
+action_data = {"action-type": {
+ "vm-read": "",
+ "vm-write": "",
+ "*": ""
+}}
+
+subject_assignments = {
+ "user0": ({"role": "employee"}, {"role": "*"}),
+ "user1": ({"role": "employee"}, {"role": "*"}),
+ "user2": ({"role": "dev1"}, {"role": "*"}),
+ "user3": ({"role": "dev1"}, {"role": "*"}),
+ "user4": ({"role": "dev1"}, {"role": "*"}),
+ "user5": ({"role": "dev1"}, {"role": "*"}),
+ "user6": ({"role": "dev2"}, {"role": "*"}),
+ "user7": ({"role": "dev2"}, {"role": "*"}),
+ "user8": ({"role": "dev2"}, {"role": "*"}),
+ "user9": ({"role": "dev2"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0": ({"id": "vm0"}, {"id": "*"}),
+ "vm1": ({"id": "vm1"}, {"id": "*"}),
+ "vm2": ({"id": "vm2"}, {"id": "*"}),
+ "vm3": ({"id": "vm3"}, {"id": "*"}),
+ "vm4": ({"id": "vm4"}, {"id": "*"}),
+ "vm5": ({"id": "vm5"}, {"id": "*"}),
+ "vm6": ({"id": "vm6"}, {"id": "*"}),
+ "vm7": ({"id": "vm7"}, {"id": "*"}),
+ "vm8": ({"id": "vm8"}, {"id": "*"}),
+ "vm9": ({"id": "vm9"}, {"id": "*"}),
+}
+action_assignments = {
+ "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("admin", "vm0", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all employee to do read actions to all VM except vm0
+ {
+ "rule": ("employee", "vm1", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm2", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm3", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm4", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm5", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm6", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm7", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm8", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm9", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev1 to do read actions to some VM
+ {
+ "rule": ("dev1", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev2 to do read actions to some VM
+ {
+ "rule": ("dev2", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+}
+objects = {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+}
+actions = {
+ "start": "",
+ "stop": "",
+ "pause": "",
+ "unpause": "",
+ "destroy": "",
+}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+object_data = {"id": {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+ "*": ""
+}}
+action_data = {"action-type": {
+ "vm-read": "",
+ "vm-write": "",
+ "*": ""
+}}
+
+subject_assignments = {
+ "user0": ({"role": "employee"}, {"role": "*"}),
+ "user1": ({"role": "employee"}, {"role": "*"}),
+ "user2": ({"role": "dev1"}, {"role": "*"}),
+ "user3": ({"role": "dev1"}, {"role": "*"}),
+ "user4": ({"role": "dev1"}, {"role": "*"}),
+ "user5": ({"role": "dev1"}, {"role": "*"}),
+ "user6": ({"role": "dev2"}, {"role": "*"}),
+ "user7": ({"role": "dev2"}, {"role": "*"}),
+ "user8": ({"role": "dev2"}, {"role": "*"}),
+ "user9": ({"role": "dev2"}, {"role": "*"}),
+ "user10": ({"role": "employee"}, {"role": "*"}),
+ "user11": ({"role": "employee"}, {"role": "*"}),
+ "user12": ({"role": "dev3"}, {"role": "*"}),
+ "user13": ({"role": "dev3"}, {"role": "*"}),
+ "user14": ({"role": "dev4"}, {"role": "*"}),
+ "user15": ({"role": "dev4"}, {"role": "*"}),
+ "user16": ({"role": "dev5"}, {"role": "*"}),
+ "user17": ({"role": "dev6"}, {"role": "*"}),
+ "user18": ({"role": "dev7"}, {"role": "*"}),
+ "user19": ({"role": "dev8"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0": ({"id": "vm0"}, {"id": "*"}),
+ "vm1": ({"id": "vm1"}, {"id": "*"}),
+ "vm2": ({"id": "vm2"}, {"id": "*"}),
+ "vm3": ({"id": "vm3"}, {"id": "*"}),
+ "vm4": ({"id": "vm4"}, {"id": "*"}),
+ "vm5": ({"id": "vm5"}, {"id": "*"}),
+ "vm6": ({"id": "vm6"}, {"id": "*"}),
+ "vm7": ({"id": "vm7"}, {"id": "*"}),
+ "vm8": ({"id": "vm8"}, {"id": "*"}),
+ "vm9": ({"id": "vm9"}, {"id": "*"}),
+}
+action_assignments = {
+ "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("admin", "vm0", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all employee to do read actions to all VM except vm0
+ {
+ "rule": ("employee", "vm1", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm2", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm3", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm4", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm5", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm6", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm7", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm8", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm9", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev1 to do read actions to some VM
+ {
+ "rule": ("dev1", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev2 to do read actions to some VM
+ {
+ "rule": ("dev2", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev3 to do read actions to some VM
+ {
+ "rule": ("dev3", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev4 to do read actions to some VM
+ {
+ "rule": ("dev4", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev5 to do read actions to some VM
+ {
+ "rule": ("dev5", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev6 to do read actions to some VM
+ {
+ "rule": ("dev6", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "Session policy example"
+model_name = "Session"
+policy_genre = "session"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+}
+objects = {"admin": "", "employee": "", "dev1": "", "dev2": "", }
+actions = {"activate": "", "deactivate": ""}
+
+subject_categories = {"subjectid": "", }
+object_categories = {"role": "", }
+action_categories = {"session-action": "", }
+
+subject_data = {"subjectid": {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+}}
+object_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "*": ""
+}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
+
+subject_assignments = {
+ "user0": ({"subjectid": "user0"}, ),
+ "user1": ({"subjectid": "user1"}, ),
+ "user2": ({"subjectid": "user2"}, ),
+ "user3": ({"subjectid": "user3"}, ),
+ "user4": ({"subjectid": "user4"}, ),
+ "user5": ({"subjectid": "user5"}, ),
+ "user6": ({"subjectid": "user6"}, ),
+ "user7": ({"subjectid": "user7"}, ),
+ "user8": ({"subjectid": "user8"}, ),
+ "user9": ({"subjectid": "user9"}, ),
+}
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+ "employee": ({"role": "employee"}, {"role": "*"}),
+ "dev1": ({"role": "employee"}, {"role": "dev1"}, {"role": "*"}),
+ "dev2": ({"role": "employee"}, {"role": "dev2"}, {"role": "*"}),
+ }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+ "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+ }
+
+meta_rule = {
+ "session": {"id": "", "value": ("subjectid", "role", "session-action")},
+}
+
+rules = {
+ "session": (
+ {
+ "rule": ("user0", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user1", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "Session policy example"
+model_name = "Session"
+policy_genre = "session"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+}
+objects = {"admin": "", "employee": "", "dev1": "", "dev3": "",
+ "dev4": "", "dev5": "", "dev6": "", "dev7": "", "dev8": ""}
+actions = {"activate": "", "deactivate": ""}
+
+subject_categories = {"subjectid": "", }
+object_categories = {"role": "", }
+action_categories = {"session-action": "", }
+
+subject_data = {"subjectid": {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+}}
+object_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
+
+subject_assignments = {
+ "user0": ({"subjectid": "user0"}, ),
+ "user1": ({"subjectid": "user1"}, ),
+ "user2": ({"subjectid": "user2"}, ),
+ "user3": ({"subjectid": "user3"}, ),
+ "user4": ({"subjectid": "user4"}, ),
+ "user5": ({"subjectid": "user5"}, ),
+ "user6": ({"subjectid": "user6"}, ),
+ "user7": ({"subjectid": "user7"}, ),
+ "user8": ({"subjectid": "user8"}, ),
+ "user9": ({"subjectid": "user9"}, ),
+ "user10": ({"subjectid": "user10"}, ),
+ "user11": ({"subjectid": "user11"}, ),
+ "user12": ({"subjectid": "user12"}, ),
+ "user13": ({"subjectid": "user13"}, ),
+ "user14": ({"subjectid": "user14"}, ),
+ "user15": ({"subjectid": "user15"}, ),
+ "user16": ({"subjectid": "user16"}, ),
+ "user17": ({"subjectid": "user17"}, ),
+ "user18": ({"subjectid": "user18"}, ),
+ "user19": ({"subjectid": "user19"}, ),
+}
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+ "employee": ({"role": "employee"}, {"role": "*"}),
+ "dev1": ({"role": "employee"}, {"role": "dev1"}, {"role": "*"}),
+ "dev2": ({"role": "employee"}, {"role": "dev2"}, {"role": "*"}),
+ "dev3": ({"role": "employee"}, {"role": "dev3"}, {"role": "*"}),
+ "dev4": ({"role": "employee"}, {"role": "dev4"}, {"role": "*"}),
+ "dev5": ({"role": "employee"}, {"role": "dev5"}, {"role": "*"}),
+ "dev6": ({"role": "employee"}, {"role": "dev6"}, {"role": "*"}),
+ "dev7": ({"role": "employee"}, {"role": "dev7"}, {"role": "*"}),
+ "dev8": ({"role": "employee"}, {"role": "dev8"}, {"role": "*"}),
+ }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+ "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+ }
+
+meta_rule = {
+ "session": {"id": "", "value": ("subjectid", "role", "session-action")},
+}
+
+rules = {
+ "session": (
+ {
+ "rule": ("user0", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user1", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user10", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user11", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ )
+}
+
+
--- /dev/null
+#!/usr/bin/env bash
+
+TEST_SCRIPT=${MOON_HOME}/moon_interface/tests/apitests/set_authz.py
+POPULATE_SCRIPT=${MOON_HOME}/moon_interface/tests/apitests/populate_default_values.py
+RESULT_DIR=${MOON_HOME}/tests/11_user_scalability/10_users_rbac
+SCENARIO_RBAC=${MOON_HOME}/tests/11_user_scalability/rbac_10.py
+SCENARIO_RBAC2=${MOON_HOME}/tests/11_user_scalability/rbac_20.py
+SCENARIO_RBAC3=${MOON_HOME}/tests/11_user_scalability/rbac_30.py
+SCENARIO_RBAC4=${MOON_HOME}/tests/11_user_scalability/rbac_40.py
+SCENARIO_RBAC5=${MOON_HOME}/tests/11_user_scalability/rbac_50.py
+SCENARIO_SESSION=${MOON_HOME}/tests/11_user_scalability/session_10.py
+SCENARIO_SESSION2=${MOON_HOME}/tests/11_user_scalability/session_20.py
+SCENARIO_SESSION3=${MOON_HOME}/tests/11_user_scalability/session_30.py
+SCENARIO_SESSION4=${MOON_HOME}/tests/11_user_scalability/session_40.py
+SCENARIO_SESSION5=${MOON_HOME}/tests/11_user_scalability/session_50.py
+
+mkdir -p ${RESULT_DIR} 2>/dev/null
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC}
+# python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_rbac_1_1.json" --write-html="${RESULT_DIR}/data_rbac_1_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_rbac_1_2.json" --write-html="${RESULT_DIR}/data_rbac_1_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_rbac_1_3.json" --write-html="${RESULT_DIR}/data_rbac_1_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_rbac_1_4.json" --write-html="${RESULT_DIR}/data_rbac_1_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_rbac_1_5.json" --write-html="${RESULT_DIR}/data_rbac_1_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 6 --write="${RESULT_DIR}/data_rbac_1_6.json" --write-html="${RESULT_DIR}/data_rbac_1_6.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 7 --write="${RESULT_DIR}/data_rbac_1_7.json" --write-html="${RESULT_DIR}/data_rbac_1_7.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 8 --write="${RESULT_DIR}/data_rbac_1_8.json" --write-html="${RESULT_DIR}/data_rbac_1_8.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 9 --write="${RESULT_DIR}/data_rbac_1_9.json" --write-html="${RESULT_DIR}/data_rbac_1_9.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_rbac_1_10.json" --write-html="${RESULT_DIR}/data_rbac_1_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 11 --write="${RESULT_DIR}/data_rbac_1_11.json" --write-html="${RESULT_DIR}/data_rbac_1_11.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 12 --write="${RESULT_DIR}/data_rbac_1_12.json" --write-html="${RESULT_DIR}/data_rbac_1_12.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 13 --write="${RESULT_DIR}/data_rbac_1_13.json" --write-html="${RESULT_DIR}/data_rbac_1_13.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 14 --write="${RESULT_DIR}/data_rbac_1_14.json" --write-html="${RESULT_DIR}/data_rbac_1_14.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_rbac_1_15.json" --write-html="${RESULT_DIR}/data_rbac_1_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 16 --write="${RESULT_DIR}/data_rbac_1_16.json" --write-html="${RESULT_DIR}/data_rbac_1_16.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 17 --write="${RESULT_DIR}/data_rbac_1_17.json" --write-html="${RESULT_DIR}/data_rbac_1_17.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 18 --write="${RESULT_DIR}/data_rbac_1_18.json" --write-html="${RESULT_DIR}/data_rbac_1_18.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 19 --write="${RESULT_DIR}/data_rbac_1_19.json" --write-html="${RESULT_DIR}/data_rbac_1_19.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_rbac_1_20.json" --write-html="${RESULT_DIR}/data_rbac_1_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 21 --write="${RESULT_DIR}/data_rbac_1_21.json" --write-html="${RESULT_DIR}/data_rbac_1_21.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 22 --write="${RESULT_DIR}/data_rbac_1_22.json" --write-html="${RESULT_DIR}/data_rbac_1_22.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 23 --write="${RESULT_DIR}/data_rbac_1_23.json" --write-html="${RESULT_DIR}/data_rbac_1_23.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 24 --write="${RESULT_DIR}/data_rbac_1_24.json" --write-html="${RESULT_DIR}/data_rbac_1_24.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_rbac_1_25.json" --write-html="${RESULT_DIR}/data_rbac_1_25.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 26 --write="${RESULT_DIR}/data_rbac_1_26.json" --write-html="${RESULT_DIR}/data_rbac_1_26.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 27 --write="${RESULT_DIR}/data_rbac_1_27.json" --write-html="${RESULT_DIR}/data_rbac_1_27.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 28 --write="${RESULT_DIR}/data_rbac_1_28.json" --write-html="${RESULT_DIR}/data_rbac_1_28.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 29 --write="${RESULT_DIR}/data_rbac_1_29.json" --write-html="${RESULT_DIR}/data_rbac_1_29.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 30 --write="${RESULT_DIR}/data_rbac_1_30.json" --write-html="${RESULT_DIR}/data_rbac_1_30.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 31 --write="${RESULT_DIR}/data_rbac_1_31.json" --write-html="${RESULT_DIR}/data_rbac_1_31.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 32 --write="${RESULT_DIR}/data_rbac_1_32.json" --write-html="${RESULT_DIR}/data_rbac_1_32.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 33 --write="${RESULT_DIR}/data_rbac_1_33.json" --write-html="${RESULT_DIR}/data_rbac_1_33.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 34 --write="${RESULT_DIR}/data_rbac_1_34.json" --write-html="${RESULT_DIR}/data_rbac_1_34.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 35 --write="${RESULT_DIR}/data_rbac_1_35.json" --write-html="${RESULT_DIR}/data_rbac_1_35.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 36 --write="${RESULT_DIR}/data_rbac_1_36.json" --write-html="${RESULT_DIR}/data_rbac_1_36.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 37 --write="${RESULT_DIR}/data_rbac_1_37.json" --write-html="${RESULT_DIR}/data_rbac_1_37.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 38 --write="${RESULT_DIR}/data_rbac_1_38.json" --write-html="${RESULT_DIR}/data_rbac_1_38.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 39 --write="${RESULT_DIR}/data_rbac_1_39.json" --write-html="${RESULT_DIR}/data_rbac_1_39.html" ${SCENARIO_RBAC}
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC2}
+# python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_rbac_2_1.json" --write-html="${RESULT_DIR}/data_rbac_2_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_rbac_2_2.json" --write-html="${RESULT_DIR}/data_rbac_2_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_rbac_2_3.json" --write-html="${RESULT_DIR}/data_rbac_2_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_rbac_2_4.json" --write-html="${RESULT_DIR}/data_rbac_2_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_rbac_2_5.json" --write-html="${RESULT_DIR}/data_rbac_2_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 6 --write="${RESULT_DIR}/data_rbac_2_6.json" --write-html="${RESULT_DIR}/data_rbac_2_6.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 7 --write="${RESULT_DIR}/data_rbac_2_7.json" --write-html="${RESULT_DIR}/data_rbac_2_7.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 8 --write="${RESULT_DIR}/data_rbac_2_8.json" --write-html="${RESULT_DIR}/data_rbac_2_8.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 9 --write="${RESULT_DIR}/data_rbac_2_9.json" --write-html="${RESULT_DIR}/data_rbac_2_9.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_rbac_2_10.json" --write-html="${RESULT_DIR}/data_rbac_2_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 11 --write="${RESULT_DIR}/data_rbac_2_11.json" --write-html="${RESULT_DIR}/data_rbac_2_11.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 12 --write="${RESULT_DIR}/data_rbac_2_12.json" --write-html="${RESULT_DIR}/data_rbac_2_12.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 13 --write="${RESULT_DIR}/data_rbac_2_13.json" --write-html="${RESULT_DIR}/data_rbac_2_13.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 14 --write="${RESULT_DIR}/data_rbac_2_14.json" --write-html="${RESULT_DIR}/data_rbac_2_14.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_rbac_2_15.json" --write-html="${RESULT_DIR}/data_rbac_2_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 16 --write="${RESULT_DIR}/data_rbac_2_16.json" --write-html="${RESULT_DIR}/data_rbac_2_16.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 17 --write="${RESULT_DIR}/data_rbac_2_17.json" --write-html="${RESULT_DIR}/data_rbac_2_17.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 18 --write="${RESULT_DIR}/data_rbac_2_18.json" --write-html="${RESULT_DIR}/data_rbac_2_18.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 19 --write="${RESULT_DIR}/data_rbac_2_19.json" --write-html="${RESULT_DIR}/data_rbac_2_19.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_rbac_2_20.json" --write-html="${RESULT_DIR}/data_rbac_2_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 21 --write="${RESULT_DIR}/data_rbac_2_21.json" --write-html="${RESULT_DIR}/data_rbac_2_21.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 22 --write="${RESULT_DIR}/data_rbac_2_22.json" --write-html="${RESULT_DIR}/data_rbac_2_22.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 23 --write="${RESULT_DIR}/data_rbac_2_23.json" --write-html="${RESULT_DIR}/data_rbac_2_23.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 24 --write="${RESULT_DIR}/data_rbac_2_24.json" --write-html="${RESULT_DIR}/data_rbac_2_24.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_rbac_2_25.json" --write-html="${RESULT_DIR}/data_rbac_2_25.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 26 --write="${RESULT_DIR}/data_rbac_2_26.json" --write-html="${RESULT_DIR}/data_rbac_2_26.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 27 --write="${RESULT_DIR}/data_rbac_2_27.json" --write-html="${RESULT_DIR}/data_rbac_2_27.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 28 --write="${RESULT_DIR}/data_rbac_2_28.json" --write-html="${RESULT_DIR}/data_rbac_2_28.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 29 --write="${RESULT_DIR}/data_rbac_2_29.json" --write-html="${RESULT_DIR}/data_rbac_2_29.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 30 --write="${RESULT_DIR}/data_rbac_2_30.json" --write-html="${RESULT_DIR}/data_rbac_2_30.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 31 --write="${RESULT_DIR}/data_rbac_2_31.json" --write-html="${RESULT_DIR}/data_rbac_2_31.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 32 --write="${RESULT_DIR}/data_rbac_2_32.json" --write-html="${RESULT_DIR}/data_rbac_2_32.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 33 --write="${RESULT_DIR}/data_rbac_2_33.json" --write-html="${RESULT_DIR}/data_rbac_2_33.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 34 --write="${RESULT_DIR}/data_rbac_2_34.json" --write-html="${RESULT_DIR}/data_rbac_2_34.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 35 --write="${RESULT_DIR}/data_rbac_2_35.json" --write-html="${RESULT_DIR}/data_rbac_2_35.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 36 --write="${RESULT_DIR}/data_rbac_2_36.json" --write-html="${RESULT_DIR}/data_rbac_2_36.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 37 --write="${RESULT_DIR}/data_rbac_2_37.json" --write-html="${RESULT_DIR}/data_rbac_2_37.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 38 --write="${RESULT_DIR}/data_rbac_2_38.json" --write-html="${RESULT_DIR}/data_rbac_2_38.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 39 --write="${RESULT_DIR}/data_rbac_2_39.json" --write-html="${RESULT_DIR}/data_rbac_2_39.html" ${SCENARIO_RBAC}
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC3}
+# python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_rbac_3_1.json" --write-html="${RESULT_DIR}/data_rbac_3_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_rbac_3_2.json" --write-html="${RESULT_DIR}/data_rbac_3_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_rbac_3_3.json" --write-html="${RESULT_DIR}/data_rbac_3_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_rbac_3_4.json" --write-html="${RESULT_DIR}/data_rbac_3_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_rbac_3_5.json" --write-html="${RESULT_DIR}/data_rbac_3_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 6 --write="${RESULT_DIR}/data_rbac_3_6.json" --write-html="${RESULT_DIR}/data_rbac_3_6.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 7 --write="${RESULT_DIR}/data_rbac_3_7.json" --write-html="${RESULT_DIR}/data_rbac_3_7.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 8 --write="${RESULT_DIR}/data_rbac_3_8.json" --write-html="${RESULT_DIR}/data_rbac_3_8.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 9 --write="${RESULT_DIR}/data_rbac_3_9.json" --write-html="${RESULT_DIR}/data_rbac_3_9.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_rbac_3_10.json" --write-html="${RESULT_DIR}/data_rbac_3_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 11 --write="${RESULT_DIR}/data_rbac_3_11.json" --write-html="${RESULT_DIR}/data_rbac_3_11.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 12 --write="${RESULT_DIR}/data_rbac_3_12.json" --write-html="${RESULT_DIR}/data_rbac_3_12.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 13 --write="${RESULT_DIR}/data_rbac_3_13.json" --write-html="${RESULT_DIR}/data_rbac_3_13.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 14 --write="${RESULT_DIR}/data_rbac_3_14.json" --write-html="${RESULT_DIR}/data_rbac_3_14.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_rbac_3_15.json" --write-html="${RESULT_DIR}/data_rbac_3_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 16 --write="${RESULT_DIR}/data_rbac_3_16.json" --write-html="${RESULT_DIR}/data_rbac_3_16.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 17 --write="${RESULT_DIR}/data_rbac_3_17.json" --write-html="${RESULT_DIR}/data_rbac_3_17.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 18 --write="${RESULT_DIR}/data_rbac_3_18.json" --write-html="${RESULT_DIR}/data_rbac_3_18.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 19 --write="${RESULT_DIR}/data_rbac_3_19.json" --write-html="${RESULT_DIR}/data_rbac_3_19.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_rbac_3_20.json" --write-html="${RESULT_DIR}/data_rbac_3_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 21 --write="${RESULT_DIR}/data_rbac_3_21.json" --write-html="${RESULT_DIR}/data_rbac_3_21.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 22 --write="${RESULT_DIR}/data_rbac_3_22.json" --write-html="${RESULT_DIR}/data_rbac_3_22.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 23 --write="${RESULT_DIR}/data_rbac_3_23.json" --write-html="${RESULT_DIR}/data_rbac_3_23.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 24 --write="${RESULT_DIR}/data_rbac_3_24.json" --write-html="${RESULT_DIR}/data_rbac_3_24.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_rbac_3_25.json" --write-html="${RESULT_DIR}/data_rbac_3_25.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 26 --write="${RESULT_DIR}/data_rbac_3_26.json" --write-html="${RESULT_DIR}/data_rbac_3_26.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 27 --write="${RESULT_DIR}/data_rbac_3_27.json" --write-html="${RESULT_DIR}/data_rbac_3_27.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 28 --write="${RESULT_DIR}/data_rbac_3_28.json" --write-html="${RESULT_DIR}/data_rbac_3_28.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 29 --write="${RESULT_DIR}/data_rbac_3_29.json" --write-html="${RESULT_DIR}/data_rbac_3_29.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 30 --write="${RESULT_DIR}/data_rbac_3_30.json" --write-html="${RESULT_DIR}/data_rbac_3_30.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 31 --write="${RESULT_DIR}/data_rbac_3_31.json" --write-html="${RESULT_DIR}/data_rbac_3_31.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 32 --write="${RESULT_DIR}/data_rbac_3_32.json" --write-html="${RESULT_DIR}/data_rbac_3_32.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 33 --write="${RESULT_DIR}/data_rbac_3_33.json" --write-html="${RESULT_DIR}/data_rbac_3_33.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 34 --write="${RESULT_DIR}/data_rbac_3_34.json" --write-html="${RESULT_DIR}/data_rbac_3_34.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 35 --write="${RESULT_DIR}/data_rbac_3_35.json" --write-html="${RESULT_DIR}/data_rbac_3_35.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 36 --write="${RESULT_DIR}/data_rbac_3_36.json" --write-html="${RESULT_DIR}/data_rbac_3_36.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 37 --write="${RESULT_DIR}/data_rbac_3_37.json" --write-html="${RESULT_DIR}/data_rbac_3_37.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 38 --write="${RESULT_DIR}/data_rbac_3_38.json" --write-html="${RESULT_DIR}/data_rbac_3_38.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 39 --write="${RESULT_DIR}/data_rbac_3_39.json" --write-html="${RESULT_DIR}/data_rbac_3_39.html" ${SCENARIO_RBAC}
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC4}
+# python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_rbac_4_1.json" --write-html="${RESULT_DIR}/data_rbac_4_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_rbac_4_2.json" --write-html="${RESULT_DIR}/data_rbac_4_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_rbac_4_3.json" --write-html="${RESULT_DIR}/data_rbac_4_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_rbac_4_4.json" --write-html="${RESULT_DIR}/data_rbac_4_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_rbac_4_5.json" --write-html="${RESULT_DIR}/data_rbac_4_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 6 --write="${RESULT_DIR}/data_rbac_4_6.json" --write-html="${RESULT_DIR}/data_rbac_4_6.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 7 --write="${RESULT_DIR}/data_rbac_4_7.json" --write-html="${RESULT_DIR}/data_rbac_4_7.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 8 --write="${RESULT_DIR}/data_rbac_4_8.json" --write-html="${RESULT_DIR}/data_rbac_4_8.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 9 --write="${RESULT_DIR}/data_rbac_4_9.json" --write-html="${RESULT_DIR}/data_rbac_4_9.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_rbac_4_10.json" --write-html="${RESULT_DIR}/data_rbac_4_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 11 --write="${RESULT_DIR}/data_rbac_4_11.json" --write-html="${RESULT_DIR}/data_rbac_4_11.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 12 --write="${RESULT_DIR}/data_rbac_4_12.json" --write-html="${RESULT_DIR}/data_rbac_4_12.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 13 --write="${RESULT_DIR}/data_rbac_4_13.json" --write-html="${RESULT_DIR}/data_rbac_4_13.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 14 --write="${RESULT_DIR}/data_rbac_4_14.json" --write-html="${RESULT_DIR}/data_rbac_4_14.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_rbac_4_15.json" --write-html="${RESULT_DIR}/data_rbac_4_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 16 --write="${RESULT_DIR}/data_rbac_4_16.json" --write-html="${RESULT_DIR}/data_rbac_4_16.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 17 --write="${RESULT_DIR}/data_rbac_4_17.json" --write-html="${RESULT_DIR}/data_rbac_4_17.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 18 --write="${RESULT_DIR}/data_rbac_4_18.json" --write-html="${RESULT_DIR}/data_rbac_4_18.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 19 --write="${RESULT_DIR}/data_rbac_4_19.json" --write-html="${RESULT_DIR}/data_rbac_4_19.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_rbac_4_20.json" --write-html="${RESULT_DIR}/data_rbac_4_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 21 --write="${RESULT_DIR}/data_rbac_4_21.json" --write-html="${RESULT_DIR}/data_rbac_4_21.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 22 --write="${RESULT_DIR}/data_rbac_4_22.json" --write-html="${RESULT_DIR}/data_rbac_4_22.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 23 --write="${RESULT_DIR}/data_rbac_4_23.json" --write-html="${RESULT_DIR}/data_rbac_4_23.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 24 --write="${RESULT_DIR}/data_rbac_4_24.json" --write-html="${RESULT_DIR}/data_rbac_4_24.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_rbac_4_25.json" --write-html="${RESULT_DIR}/data_rbac_4_25.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 26 --write="${RESULT_DIR}/data_rbac_4_26.json" --write-html="${RESULT_DIR}/data_rbac_4_26.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 27 --write="${RESULT_DIR}/data_rbac_4_27.json" --write-html="${RESULT_DIR}/data_rbac_4_27.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 28 --write="${RESULT_DIR}/data_rbac_4_28.json" --write-html="${RESULT_DIR}/data_rbac_4_28.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 29 --write="${RESULT_DIR}/data_rbac_4_29.json" --write-html="${RESULT_DIR}/data_rbac_4_29.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 30 --write="${RESULT_DIR}/data_rbac_4_30.json" --write-html="${RESULT_DIR}/data_rbac_4_30.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 31 --write="${RESULT_DIR}/data_rbac_4_31.json" --write-html="${RESULT_DIR}/data_rbac_4_31.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 32 --write="${RESULT_DIR}/data_rbac_4_32.json" --write-html="${RESULT_DIR}/data_rbac_4_32.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 33 --write="${RESULT_DIR}/data_rbac_4_33.json" --write-html="${RESULT_DIR}/data_rbac_4_33.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 34 --write="${RESULT_DIR}/data_rbac_4_34.json" --write-html="${RESULT_DIR}/data_rbac_4_34.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 35 --write="${RESULT_DIR}/data_rbac_4_35.json" --write-html="${RESULT_DIR}/data_rbac_4_35.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 36 --write="${RESULT_DIR}/data_rbac_4_36.json" --write-html="${RESULT_DIR}/data_rbac_4_36.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 37 --write="${RESULT_DIR}/data_rbac_4_37.json" --write-html="${RESULT_DIR}/data_rbac_4_37.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 38 --write="${RESULT_DIR}/data_rbac_4_38.json" --write-html="${RESULT_DIR}/data_rbac_4_38.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 39 --write="${RESULT_DIR}/data_rbac_4_39.json" --write-html="${RESULT_DIR}/data_rbac_4_39.html" ${SCENARIO_RBAC}
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC5}
+# python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_rbac_5_1.json" --write-html="${RESULT_DIR}/data_rbac_5_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_rbac_5_2.json" --write-html="${RESULT_DIR}/data_rbac_5_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_rbac_5_3.json" --write-html="${RESULT_DIR}/data_rbac_5_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_rbac_5_4.json" --write-html="${RESULT_DIR}/data_rbac_5_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_rbac_5_5.json" --write-html="${RESULT_DIR}/data_rbac_5_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 6 --write="${RESULT_DIR}/data_rbac_5_6.json" --write-html="${RESULT_DIR}/data_rbac_5_6.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 7 --write="${RESULT_DIR}/data_rbac_5_7.json" --write-html="${RESULT_DIR}/data_rbac_5_7.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 8 --write="${RESULT_DIR}/data_rbac_5_8.json" --write-html="${RESULT_DIR}/data_rbac_5_8.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 9 --write="${RESULT_DIR}/data_rbac_5_9.json" --write-html="${RESULT_DIR}/data_rbac_5_9.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_rbac_5_10.json" --write-html="${RESULT_DIR}/data_rbac_5_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 11 --write="${RESULT_DIR}/data_rbac_5_11.json" --write-html="${RESULT_DIR}/data_rbac_5_11.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 12 --write="${RESULT_DIR}/data_rbac_5_12.json" --write-html="${RESULT_DIR}/data_rbac_5_12.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 13 --write="${RESULT_DIR}/data_rbac_5_13.json" --write-html="${RESULT_DIR}/data_rbac_5_13.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 14 --write="${RESULT_DIR}/data_rbac_5_14.json" --write-html="${RESULT_DIR}/data_rbac_5_14.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_rbac_5_15.json" --write-html="${RESULT_DIR}/data_rbac_5_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 16 --write="${RESULT_DIR}/data_rbac_5_16.json" --write-html="${RESULT_DIR}/data_rbac_5_16.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 17 --write="${RESULT_DIR}/data_rbac_5_17.json" --write-html="${RESULT_DIR}/data_rbac_5_17.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 18 --write="${RESULT_DIR}/data_rbac_5_18.json" --write-html="${RESULT_DIR}/data_rbac_5_18.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 19 --write="${RESULT_DIR}/data_rbac_5_19.json" --write-html="${RESULT_DIR}/data_rbac_5_19.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_rbac_5_20.json" --write-html="${RESULT_DIR}/data_rbac_5_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 21 --write="${RESULT_DIR}/data_rbac_5_21.json" --write-html="${RESULT_DIR}/data_rbac_5_21.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 22 --write="${RESULT_DIR}/data_rbac_5_22.json" --write-html="${RESULT_DIR}/data_rbac_5_22.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 23 --write="${RESULT_DIR}/data_rbac_5_23.json" --write-html="${RESULT_DIR}/data_rbac_5_23.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 24 --write="${RESULT_DIR}/data_rbac_5_24.json" --write-html="${RESULT_DIR}/data_rbac_5_24.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_rbac_5_25.json" --write-html="${RESULT_DIR}/data_rbac_5_25.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 26 --write="${RESULT_DIR}/data_rbac_5_26.json" --write-html="${RESULT_DIR}/data_rbac_5_26.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 27 --write="${RESULT_DIR}/data_rbac_5_27.json" --write-html="${RESULT_DIR}/data_rbac_5_27.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 28 --write="${RESULT_DIR}/data_rbac_5_28.json" --write-html="${RESULT_DIR}/data_rbac_5_28.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 29 --write="${RESULT_DIR}/data_rbac_5_29.json" --write-html="${RESULT_DIR}/data_rbac_5_29.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 30 --write="${RESULT_DIR}/data_rbac_5_30.json" --write-html="${RESULT_DIR}/data_rbac_5_30.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 31 --write="${RESULT_DIR}/data_rbac_5_31.json" --write-html="${RESULT_DIR}/data_rbac_5_31.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 32 --write="${RESULT_DIR}/data_rbac_5_32.json" --write-html="${RESULT_DIR}/data_rbac_5_32.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 33 --write="${RESULT_DIR}/data_rbac_5_33.json" --write-html="${RESULT_DIR}/data_rbac_5_33.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 34 --write="${RESULT_DIR}/data_rbac_5_34.json" --write-html="${RESULT_DIR}/data_rbac_5_34.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 35 --write="${RESULT_DIR}/data_rbac_5_35.json" --write-html="${RESULT_DIR}/data_rbac_5_35.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 36 --write="${RESULT_DIR}/data_rbac_5_36.json" --write-html="${RESULT_DIR}/data_rbac_5_36.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 37 --write="${RESULT_DIR}/data_rbac_5_37.json" --write-html="${RESULT_DIR}/data_rbac_5_37.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 38 --write="${RESULT_DIR}/data_rbac_5_38.json" --write-html="${RESULT_DIR}/data_rbac_5_38.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 39 --write="${RESULT_DIR}/data_rbac_5_39.json" --write-html="${RESULT_DIR}/data_rbac_5_39.html" ${SCENARIO_RBAC}
+
--- /dev/null
+#!/usr/bin/env bash
+
+TEST_SCRIPT=${MOON_HOME}/moon_interface/tests/apitests/set_authz.py
+POPULATE_SCRIPT=${MOON_HOME}/moon_interface/tests/apitests/populate_default_values.py
+RESULT_DIR=${MOON_HOME}/tests/11_user_scalability/10_users_rbac
+SCENARIO_RBAC=${MOON_HOME}/tests/11_user_scalability/rbac_10.py
+SCENARIO_RBAC2=${MOON_HOME}/tests/11_user_scalability/rbac_20.py
+SCENARIO_RBAC3=${MOON_HOME}/tests/11_user_scalability/rbac_30.py
+SCENARIO_RBAC4=${MOON_HOME}/tests/11_user_scalability/rbac_40.py
+SCENARIO_RBAC5=${MOON_HOME}/tests/11_user_scalability/rbac_50.py
+SCENARIO_SESSION=${MOON_HOME}/tests/11_user_scalability/session_10.py
+SCENARIO_SESSION2=${MOON_HOME}/tests/11_user_scalability/session_20.py
+SCENARIO_SESSION3=${MOON_HOME}/tests/11_user_scalability/session_30.py
+SCENARIO_SESSION4=${MOON_HOME}/tests/11_user_scalability/session_40.py
+SCENARIO_SESSION5=${MOON_HOME}/tests/11_user_scalability/session_50.py
+
+mkdir -p ${RESULT_DIR} 2>/dev/null
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC}
+python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_rbac_1_1.json" --write-html="${RESULT_DIR}/data_rbac_1_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_rbac_1_2.json" --write-html="${RESULT_DIR}/data_rbac_1_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_rbac_1_3.json" --write-html="${RESULT_DIR}/data_rbac_1_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_rbac_1_4.json" --write-html="${RESULT_DIR}/data_rbac_1_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_rbac_1_5.json" --write-html="${RESULT_DIR}/data_rbac_1_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 6 --write="${RESULT_DIR}/data_rbac_1_6.json" --write-html="${RESULT_DIR}/data_rbac_1_6.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 7 --write="${RESULT_DIR}/data_rbac_1_7.json" --write-html="${RESULT_DIR}/data_rbac_1_7.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 8 --write="${RESULT_DIR}/data_rbac_1_8.json" --write-html="${RESULT_DIR}/data_rbac_1_8.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 9 --write="${RESULT_DIR}/data_rbac_1_9.json" --write-html="${RESULT_DIR}/data_rbac_1_9.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_rbac_1_10.json" --write-html="${RESULT_DIR}/data_rbac_1_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 11 --write="${RESULT_DIR}/data_rbac_1_11.json" --write-html="${RESULT_DIR}/data_rbac_1_11.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 12 --write="${RESULT_DIR}/data_rbac_1_12.json" --write-html="${RESULT_DIR}/data_rbac_1_12.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 13 --write="${RESULT_DIR}/data_rbac_1_13.json" --write-html="${RESULT_DIR}/data_rbac_1_13.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 14 --write="${RESULT_DIR}/data_rbac_1_14.json" --write-html="${RESULT_DIR}/data_rbac_1_14.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_rbac_1_15.json" --write-html="${RESULT_DIR}/data_rbac_1_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 16 --write="${RESULT_DIR}/data_rbac_1_16.json" --write-html="${RESULT_DIR}/data_rbac_1_16.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 17 --write="${RESULT_DIR}/data_rbac_1_17.json" --write-html="${RESULT_DIR}/data_rbac_1_17.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 18 --write="${RESULT_DIR}/data_rbac_1_18.json" --write-html="${RESULT_DIR}/data_rbac_1_18.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 19 --write="${RESULT_DIR}/data_rbac_1_19.json" --write-html="${RESULT_DIR}/data_rbac_1_19.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_rbac_1_20.json" --write-html="${RESULT_DIR}/data_rbac_1_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 21 --write="${RESULT_DIR}/data_rbac_1_21.json" --write-html="${RESULT_DIR}/data_rbac_1_21.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 22 --write="${RESULT_DIR}/data_rbac_1_22.json" --write-html="${RESULT_DIR}/data_rbac_1_22.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 23 --write="${RESULT_DIR}/data_rbac_1_23.json" --write-html="${RESULT_DIR}/data_rbac_1_23.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 24 --write="${RESULT_DIR}/data_rbac_1_24.json" --write-html="${RESULT_DIR}/data_rbac_1_24.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_rbac_1_25.json" --write-html="${RESULT_DIR}/data_rbac_1_25.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 26 --write="${RESULT_DIR}/data_rbac_1_26.json" --write-html="${RESULT_DIR}/data_rbac_1_26.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 27 --write="${RESULT_DIR}/data_rbac_1_27.json" --write-html="${RESULT_DIR}/data_rbac_1_27.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 28 --write="${RESULT_DIR}/data_rbac_1_28.json" --write-html="${RESULT_DIR}/data_rbac_1_28.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 29 --write="${RESULT_DIR}/data_rbac_1_29.json" --write-html="${RESULT_DIR}/data_rbac_1_29.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 30 --write="${RESULT_DIR}/data_rbac_1_30.json" --write-html="${RESULT_DIR}/data_rbac_1_30.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 31 --write="${RESULT_DIR}/data_rbac_1_31.json" --write-html="${RESULT_DIR}/data_rbac_1_31.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 32 --write="${RESULT_DIR}/data_rbac_1_32.json" --write-html="${RESULT_DIR}/data_rbac_1_32.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 33 --write="${RESULT_DIR}/data_rbac_1_33.json" --write-html="${RESULT_DIR}/data_rbac_1_33.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 34 --write="${RESULT_DIR}/data_rbac_1_34.json" --write-html="${RESULT_DIR}/data_rbac_1_34.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 35 --write="${RESULT_DIR}/data_rbac_1_35.json" --write-html="${RESULT_DIR}/data_rbac_1_35.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 36 --write="${RESULT_DIR}/data_rbac_1_36.json" --write-html="${RESULT_DIR}/data_rbac_1_36.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 37 --write="${RESULT_DIR}/data_rbac_1_37.json" --write-html="${RESULT_DIR}/data_rbac_1_37.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 38 --write="${RESULT_DIR}/data_rbac_1_38.json" --write-html="${RESULT_DIR}/data_rbac_1_38.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 39 --write="${RESULT_DIR}/data_rbac_1_39.json" --write-html="${RESULT_DIR}/data_rbac_1_39.html" ${SCENARIO_RBAC}
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC2}
+python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION2}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_rbac_2_1.json" --write-html="${RESULT_DIR}/data_rbac_2_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_rbac_2_2.json" --write-html="${RESULT_DIR}/data_rbac_2_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_rbac_2_3.json" --write-html="${RESULT_DIR}/data_rbac_2_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_rbac_2_4.json" --write-html="${RESULT_DIR}/data_rbac_2_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_rbac_2_5.json" --write-html="${RESULT_DIR}/data_rbac_2_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 6 --write="${RESULT_DIR}/data_rbac_2_6.json" --write-html="${RESULT_DIR}/data_rbac_2_6.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 7 --write="${RESULT_DIR}/data_rbac_2_7.json" --write-html="${RESULT_DIR}/data_rbac_2_7.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 8 --write="${RESULT_DIR}/data_rbac_2_8.json" --write-html="${RESULT_DIR}/data_rbac_2_8.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 9 --write="${RESULT_DIR}/data_rbac_2_9.json" --write-html="${RESULT_DIR}/data_rbac_2_9.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_rbac_2_10.json" --write-html="${RESULT_DIR}/data_rbac_2_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 11 --write="${RESULT_DIR}/data_rbac_2_11.json" --write-html="${RESULT_DIR}/data_rbac_2_11.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 12 --write="${RESULT_DIR}/data_rbac_2_12.json" --write-html="${RESULT_DIR}/data_rbac_2_12.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 13 --write="${RESULT_DIR}/data_rbac_2_13.json" --write-html="${RESULT_DIR}/data_rbac_2_13.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 14 --write="${RESULT_DIR}/data_rbac_2_14.json" --write-html="${RESULT_DIR}/data_rbac_2_14.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_rbac_2_15.json" --write-html="${RESULT_DIR}/data_rbac_2_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 16 --write="${RESULT_DIR}/data_rbac_2_16.json" --write-html="${RESULT_DIR}/data_rbac_2_16.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 17 --write="${RESULT_DIR}/data_rbac_2_17.json" --write-html="${RESULT_DIR}/data_rbac_2_17.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 18 --write="${RESULT_DIR}/data_rbac_2_18.json" --write-html="${RESULT_DIR}/data_rbac_2_18.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 19 --write="${RESULT_DIR}/data_rbac_2_19.json" --write-html="${RESULT_DIR}/data_rbac_2_19.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_rbac_2_20.json" --write-html="${RESULT_DIR}/data_rbac_2_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 21 --write="${RESULT_DIR}/data_rbac_2_21.json" --write-html="${RESULT_DIR}/data_rbac_2_21.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 22 --write="${RESULT_DIR}/data_rbac_2_22.json" --write-html="${RESULT_DIR}/data_rbac_2_22.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 23 --write="${RESULT_DIR}/data_rbac_2_23.json" --write-html="${RESULT_DIR}/data_rbac_2_23.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 24 --write="${RESULT_DIR}/data_rbac_2_24.json" --write-html="${RESULT_DIR}/data_rbac_2_24.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_rbac_2_25.json" --write-html="${RESULT_DIR}/data_rbac_2_25.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 26 --write="${RESULT_DIR}/data_rbac_2_26.json" --write-html="${RESULT_DIR}/data_rbac_2_26.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 27 --write="${RESULT_DIR}/data_rbac_2_27.json" --write-html="${RESULT_DIR}/data_rbac_2_27.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 28 --write="${RESULT_DIR}/data_rbac_2_28.json" --write-html="${RESULT_DIR}/data_rbac_2_28.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 29 --write="${RESULT_DIR}/data_rbac_2_29.json" --write-html="${RESULT_DIR}/data_rbac_2_29.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 30 --write="${RESULT_DIR}/data_rbac_2_30.json" --write-html="${RESULT_DIR}/data_rbac_2_30.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 31 --write="${RESULT_DIR}/data_rbac_2_31.json" --write-html="${RESULT_DIR}/data_rbac_2_31.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 32 --write="${RESULT_DIR}/data_rbac_2_32.json" --write-html="${RESULT_DIR}/data_rbac_2_32.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 33 --write="${RESULT_DIR}/data_rbac_2_33.json" --write-html="${RESULT_DIR}/data_rbac_2_33.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 34 --write="${RESULT_DIR}/data_rbac_2_34.json" --write-html="${RESULT_DIR}/data_rbac_2_34.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 35 --write="${RESULT_DIR}/data_rbac_2_35.json" --write-html="${RESULT_DIR}/data_rbac_2_35.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 36 --write="${RESULT_DIR}/data_rbac_2_36.json" --write-html="${RESULT_DIR}/data_rbac_2_36.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 37 --write="${RESULT_DIR}/data_rbac_2_37.json" --write-html="${RESULT_DIR}/data_rbac_2_37.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 38 --write="${RESULT_DIR}/data_rbac_2_38.json" --write-html="${RESULT_DIR}/data_rbac_2_38.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 39 --write="${RESULT_DIR}/data_rbac_2_39.json" --write-html="${RESULT_DIR}/data_rbac_2_39.html" ${SCENARIO_RBAC}
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC3}
+python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION3}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_rbac_3_1.json" --write-html="${RESULT_DIR}/data_rbac_3_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_rbac_3_2.json" --write-html="${RESULT_DIR}/data_rbac_3_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_rbac_3_3.json" --write-html="${RESULT_DIR}/data_rbac_3_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_rbac_3_4.json" --write-html="${RESULT_DIR}/data_rbac_3_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_rbac_3_5.json" --write-html="${RESULT_DIR}/data_rbac_3_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 6 --write="${RESULT_DIR}/data_rbac_3_6.json" --write-html="${RESULT_DIR}/data_rbac_3_6.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 7 --write="${RESULT_DIR}/data_rbac_3_7.json" --write-html="${RESULT_DIR}/data_rbac_3_7.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 8 --write="${RESULT_DIR}/data_rbac_3_8.json" --write-html="${RESULT_DIR}/data_rbac_3_8.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 9 --write="${RESULT_DIR}/data_rbac_3_9.json" --write-html="${RESULT_DIR}/data_rbac_3_9.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_rbac_3_10.json" --write-html="${RESULT_DIR}/data_rbac_3_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 11 --write="${RESULT_DIR}/data_rbac_3_11.json" --write-html="${RESULT_DIR}/data_rbac_3_11.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 12 --write="${RESULT_DIR}/data_rbac_3_12.json" --write-html="${RESULT_DIR}/data_rbac_3_12.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 13 --write="${RESULT_DIR}/data_rbac_3_13.json" --write-html="${RESULT_DIR}/data_rbac_3_13.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 14 --write="${RESULT_DIR}/data_rbac_3_14.json" --write-html="${RESULT_DIR}/data_rbac_3_14.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_rbac_3_15.json" --write-html="${RESULT_DIR}/data_rbac_3_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 16 --write="${RESULT_DIR}/data_rbac_3_16.json" --write-html="${RESULT_DIR}/data_rbac_3_16.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 17 --write="${RESULT_DIR}/data_rbac_3_17.json" --write-html="${RESULT_DIR}/data_rbac_3_17.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 18 --write="${RESULT_DIR}/data_rbac_3_18.json" --write-html="${RESULT_DIR}/data_rbac_3_18.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 19 --write="${RESULT_DIR}/data_rbac_3_19.json" --write-html="${RESULT_DIR}/data_rbac_3_19.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_rbac_3_20.json" --write-html="${RESULT_DIR}/data_rbac_3_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 21 --write="${RESULT_DIR}/data_rbac_3_21.json" --write-html="${RESULT_DIR}/data_rbac_3_21.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 22 --write="${RESULT_DIR}/data_rbac_3_22.json" --write-html="${RESULT_DIR}/data_rbac_3_22.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 23 --write="${RESULT_DIR}/data_rbac_3_23.json" --write-html="${RESULT_DIR}/data_rbac_3_23.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 24 --write="${RESULT_DIR}/data_rbac_3_24.json" --write-html="${RESULT_DIR}/data_rbac_3_24.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_rbac_3_25.json" --write-html="${RESULT_DIR}/data_rbac_3_25.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 26 --write="${RESULT_DIR}/data_rbac_3_26.json" --write-html="${RESULT_DIR}/data_rbac_3_26.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 27 --write="${RESULT_DIR}/data_rbac_3_27.json" --write-html="${RESULT_DIR}/data_rbac_3_27.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 28 --write="${RESULT_DIR}/data_rbac_3_28.json" --write-html="${RESULT_DIR}/data_rbac_3_28.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 29 --write="${RESULT_DIR}/data_rbac_3_29.json" --write-html="${RESULT_DIR}/data_rbac_3_29.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 30 --write="${RESULT_DIR}/data_rbac_3_30.json" --write-html="${RESULT_DIR}/data_rbac_3_30.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 31 --write="${RESULT_DIR}/data_rbac_3_31.json" --write-html="${RESULT_DIR}/data_rbac_3_31.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 32 --write="${RESULT_DIR}/data_rbac_3_32.json" --write-html="${RESULT_DIR}/data_rbac_3_32.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 33 --write="${RESULT_DIR}/data_rbac_3_33.json" --write-html="${RESULT_DIR}/data_rbac_3_33.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 34 --write="${RESULT_DIR}/data_rbac_3_34.json" --write-html="${RESULT_DIR}/data_rbac_3_34.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 35 --write="${RESULT_DIR}/data_rbac_3_35.json" --write-html="${RESULT_DIR}/data_rbac_3_35.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 36 --write="${RESULT_DIR}/data_rbac_3_36.json" --write-html="${RESULT_DIR}/data_rbac_3_36.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 37 --write="${RESULT_DIR}/data_rbac_3_37.json" --write-html="${RESULT_DIR}/data_rbac_3_37.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 38 --write="${RESULT_DIR}/data_rbac_3_38.json" --write-html="${RESULT_DIR}/data_rbac_3_38.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 39 --write="${RESULT_DIR}/data_rbac_3_39.json" --write-html="${RESULT_DIR}/data_rbac_3_39.html" ${SCENARIO_RBAC}
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC4}
+python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION4}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_rbac_4_1.json" --write-html="${RESULT_DIR}/data_rbac_4_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_rbac_4_2.json" --write-html="${RESULT_DIR}/data_rbac_4_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_rbac_4_3.json" --write-html="${RESULT_DIR}/data_rbac_4_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_rbac_4_4.json" --write-html="${RESULT_DIR}/data_rbac_4_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_rbac_4_5.json" --write-html="${RESULT_DIR}/data_rbac_4_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 6 --write="${RESULT_DIR}/data_rbac_4_6.json" --write-html="${RESULT_DIR}/data_rbac_4_6.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 7 --write="${RESULT_DIR}/data_rbac_4_7.json" --write-html="${RESULT_DIR}/data_rbac_4_7.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 8 --write="${RESULT_DIR}/data_rbac_4_8.json" --write-html="${RESULT_DIR}/data_rbac_4_8.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 9 --write="${RESULT_DIR}/data_rbac_4_9.json" --write-html="${RESULT_DIR}/data_rbac_4_9.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_rbac_4_10.json" --write-html="${RESULT_DIR}/data_rbac_4_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 11 --write="${RESULT_DIR}/data_rbac_4_11.json" --write-html="${RESULT_DIR}/data_rbac_4_11.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 12 --write="${RESULT_DIR}/data_rbac_4_12.json" --write-html="${RESULT_DIR}/data_rbac_4_12.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 13 --write="${RESULT_DIR}/data_rbac_4_13.json" --write-html="${RESULT_DIR}/data_rbac_4_13.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 14 --write="${RESULT_DIR}/data_rbac_4_14.json" --write-html="${RESULT_DIR}/data_rbac_4_14.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_rbac_4_15.json" --write-html="${RESULT_DIR}/data_rbac_4_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 16 --write="${RESULT_DIR}/data_rbac_4_16.json" --write-html="${RESULT_DIR}/data_rbac_4_16.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 17 --write="${RESULT_DIR}/data_rbac_4_17.json" --write-html="${RESULT_DIR}/data_rbac_4_17.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 18 --write="${RESULT_DIR}/data_rbac_4_18.json" --write-html="${RESULT_DIR}/data_rbac_4_18.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 19 --write="${RESULT_DIR}/data_rbac_4_19.json" --write-html="${RESULT_DIR}/data_rbac_4_19.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_rbac_4_20.json" --write-html="${RESULT_DIR}/data_rbac_4_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 21 --write="${RESULT_DIR}/data_rbac_4_21.json" --write-html="${RESULT_DIR}/data_rbac_4_21.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 22 --write="${RESULT_DIR}/data_rbac_4_22.json" --write-html="${RESULT_DIR}/data_rbac_4_22.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 23 --write="${RESULT_DIR}/data_rbac_4_23.json" --write-html="${RESULT_DIR}/data_rbac_4_23.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 24 --write="${RESULT_DIR}/data_rbac_4_24.json" --write-html="${RESULT_DIR}/data_rbac_4_24.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_rbac_4_25.json" --write-html="${RESULT_DIR}/data_rbac_4_25.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 26 --write="${RESULT_DIR}/data_rbac_4_26.json" --write-html="${RESULT_DIR}/data_rbac_4_26.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 27 --write="${RESULT_DIR}/data_rbac_4_27.json" --write-html="${RESULT_DIR}/data_rbac_4_27.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 28 --write="${RESULT_DIR}/data_rbac_4_28.json" --write-html="${RESULT_DIR}/data_rbac_4_28.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 29 --write="${RESULT_DIR}/data_rbac_4_29.json" --write-html="${RESULT_DIR}/data_rbac_4_29.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 30 --write="${RESULT_DIR}/data_rbac_4_30.json" --write-html="${RESULT_DIR}/data_rbac_4_30.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 31 --write="${RESULT_DIR}/data_rbac_4_31.json" --write-html="${RESULT_DIR}/data_rbac_4_31.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 32 --write="${RESULT_DIR}/data_rbac_4_32.json" --write-html="${RESULT_DIR}/data_rbac_4_32.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 33 --write="${RESULT_DIR}/data_rbac_4_33.json" --write-html="${RESULT_DIR}/data_rbac_4_33.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 34 --write="${RESULT_DIR}/data_rbac_4_34.json" --write-html="${RESULT_DIR}/data_rbac_4_34.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 35 --write="${RESULT_DIR}/data_rbac_4_35.json" --write-html="${RESULT_DIR}/data_rbac_4_35.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 36 --write="${RESULT_DIR}/data_rbac_4_36.json" --write-html="${RESULT_DIR}/data_rbac_4_36.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 37 --write="${RESULT_DIR}/data_rbac_4_37.json" --write-html="${RESULT_DIR}/data_rbac_4_37.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 38 --write="${RESULT_DIR}/data_rbac_4_38.json" --write-html="${RESULT_DIR}/data_rbac_4_38.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 39 --write="${RESULT_DIR}/data_rbac_4_39.json" --write-html="${RESULT_DIR}/data_rbac_4_39.html" ${SCENARIO_RBAC}
+
+python3 ${POPULATE_SCRIPT} ${SCENARIO_RBAC5}
+python3 ${POPULATE_SCRIPT} ${SCENARIO_SESSION5}
+
+python3 ${TEST_SCRIPT} --request-per-second 1 --write="${RESULT_DIR}/data_rbac_5_1.json" --write-html="${RESULT_DIR}/data_rbac_5_1.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 2 --write="${RESULT_DIR}/data_rbac_5_2.json" --write-html="${RESULT_DIR}/data_rbac_5_2.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 3 --write="${RESULT_DIR}/data_rbac_5_3.json" --write-html="${RESULT_DIR}/data_rbac_5_3.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 4 --write="${RESULT_DIR}/data_rbac_5_4.json" --write-html="${RESULT_DIR}/data_rbac_5_4.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 5 --write="${RESULT_DIR}/data_rbac_5_5.json" --write-html="${RESULT_DIR}/data_rbac_5_5.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 6 --write="${RESULT_DIR}/data_rbac_5_6.json" --write-html="${RESULT_DIR}/data_rbac_5_6.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 7 --write="${RESULT_DIR}/data_rbac_5_7.json" --write-html="${RESULT_DIR}/data_rbac_5_7.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 8 --write="${RESULT_DIR}/data_rbac_5_8.json" --write-html="${RESULT_DIR}/data_rbac_5_8.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 9 --write="${RESULT_DIR}/data_rbac_5_9.json" --write-html="${RESULT_DIR}/data_rbac_5_9.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 10 --write="${RESULT_DIR}/data_rbac_5_10.json" --write-html="${RESULT_DIR}/data_rbac_5_10.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 11 --write="${RESULT_DIR}/data_rbac_5_11.json" --write-html="${RESULT_DIR}/data_rbac_5_11.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 12 --write="${RESULT_DIR}/data_rbac_5_12.json" --write-html="${RESULT_DIR}/data_rbac_5_12.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 13 --write="${RESULT_DIR}/data_rbac_5_13.json" --write-html="${RESULT_DIR}/data_rbac_5_13.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 14 --write="${RESULT_DIR}/data_rbac_5_14.json" --write-html="${RESULT_DIR}/data_rbac_5_14.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 15 --write="${RESULT_DIR}/data_rbac_5_15.json" --write-html="${RESULT_DIR}/data_rbac_5_15.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 16 --write="${RESULT_DIR}/data_rbac_5_16.json" --write-html="${RESULT_DIR}/data_rbac_5_16.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 17 --write="${RESULT_DIR}/data_rbac_5_17.json" --write-html="${RESULT_DIR}/data_rbac_5_17.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 18 --write="${RESULT_DIR}/data_rbac_5_18.json" --write-html="${RESULT_DIR}/data_rbac_5_18.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 19 --write="${RESULT_DIR}/data_rbac_5_19.json" --write-html="${RESULT_DIR}/data_rbac_5_19.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 20 --write="${RESULT_DIR}/data_rbac_5_20.json" --write-html="${RESULT_DIR}/data_rbac_5_20.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 21 --write="${RESULT_DIR}/data_rbac_5_21.json" --write-html="${RESULT_DIR}/data_rbac_5_21.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 22 --write="${RESULT_DIR}/data_rbac_5_22.json" --write-html="${RESULT_DIR}/data_rbac_5_22.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 23 --write="${RESULT_DIR}/data_rbac_5_23.json" --write-html="${RESULT_DIR}/data_rbac_5_23.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 24 --write="${RESULT_DIR}/data_rbac_5_24.json" --write-html="${RESULT_DIR}/data_rbac_5_24.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 25 --write="${RESULT_DIR}/data_rbac_5_25.json" --write-html="${RESULT_DIR}/data_rbac_5_25.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 26 --write="${RESULT_DIR}/data_rbac_5_26.json" --write-html="${RESULT_DIR}/data_rbac_5_26.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 27 --write="${RESULT_DIR}/data_rbac_5_27.json" --write-html="${RESULT_DIR}/data_rbac_5_27.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 28 --write="${RESULT_DIR}/data_rbac_5_28.json" --write-html="${RESULT_DIR}/data_rbac_5_28.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 29 --write="${RESULT_DIR}/data_rbac_5_29.json" --write-html="${RESULT_DIR}/data_rbac_5_29.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 30 --write="${RESULT_DIR}/data_rbac_5_30.json" --write-html="${RESULT_DIR}/data_rbac_5_30.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 31 --write="${RESULT_DIR}/data_rbac_5_31.json" --write-html="${RESULT_DIR}/data_rbac_5_31.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 32 --write="${RESULT_DIR}/data_rbac_5_32.json" --write-html="${RESULT_DIR}/data_rbac_5_32.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 33 --write="${RESULT_DIR}/data_rbac_5_33.json" --write-html="${RESULT_DIR}/data_rbac_5_33.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 34 --write="${RESULT_DIR}/data_rbac_5_34.json" --write-html="${RESULT_DIR}/data_rbac_5_34.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 35 --write="${RESULT_DIR}/data_rbac_5_35.json" --write-html="${RESULT_DIR}/data_rbac_5_35.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 36 --write="${RESULT_DIR}/data_rbac_5_36.json" --write-html="${RESULT_DIR}/data_rbac_5_36.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 37 --write="${RESULT_DIR}/data_rbac_5_37.json" --write-html="${RESULT_DIR}/data_rbac_5_37.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 38 --write="${RESULT_DIR}/data_rbac_5_38.json" --write-html="${RESULT_DIR}/data_rbac_5_38.html" ${SCENARIO_RBAC}
+python3 ${TEST_SCRIPT} --request-per-second 39 --write="${RESULT_DIR}/data_rbac_5_39.json" --write-html="${RESULT_DIR}/data_rbac_5_39.html" ${SCENARIO_RBAC}
+
--- /dev/null
+#!/usr/bin/env bash
+
+DIR=$1
+
+cd ${DIR}
+
+#JSON=data_1_1.json,data_1_5.json,data_1_10.json,data_1_15.json,data_1_20.json,data_1_25.json,data_2_1.json,data_2_5.json,data_2_10.json,data_2_15.json,data_2_20.json,data_2_25.json
+#LEGEND="rbac 1 req/s,rbac 5 req/s,rbac 10 req/s,rbac 15 req/s,rbac 20 req/s,rbac 25 req/s,rbac+session 1 req/s,rbac+session 5 req/s,rbac+session 10 req/s,rbac+session 15 req/s,rbac+session 20 req/s,rbac+session 25 req/s"
+#python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+# --input="${JSON}" \
+# --legend="${LEGEND}" \
+# -d
+JSON=data_1_1.json,data_1_5.json,data_1_10.json,data_2_1.json,data_2_5.json,data_2_10.json
+LEGEND="rbac 1 req/s,rbac 5 req/s,rbac 10 req/s,rbac+session 1 req/s,rbac+session 5 req/s,rbac+session 10 req/s"
+python3 ${MOON_HOME}/moon_interface/tests/apitests/plot_json.py \
+ --input="${JSON}" \
+ --legend="${LEGEND}" \
+ -d
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+}
+objects = {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+}
+actions = {
+ "start": "",
+ "stop": "",
+ "pause": "",
+ "unpause": "",
+ "destroy": "",
+}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "*": ""
+}}
+object_data = {"id": {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+ "*": ""
+}}
+action_data = {"action-type": {
+ "vm-read": "",
+ "vm-write": "",
+ "*": ""
+}}
+
+subject_assignments = {
+ "user0": ({"role": "employee"}, {"role": "*"}),
+ "user1": ({"role": "employee"}, {"role": "*"}),
+ "user2": ({"role": "dev1"}, {"role": "*"}),
+ "user3": ({"role": "dev1"}, {"role": "*"}),
+ "user4": ({"role": "dev1"}, {"role": "*"}),
+ "user5": ({"role": "dev1"}, {"role": "*"}),
+ "user6": ({"role": "dev2"}, {"role": "*"}),
+ "user7": ({"role": "dev2"}, {"role": "*"}),
+ "user8": ({"role": "dev2"}, {"role": "*"}),
+ "user9": ({"role": "dev2"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0": ({"id": "vm0"}, {"id": "*"}),
+ "vm1": ({"id": "vm1"}, {"id": "*"}),
+ "vm2": ({"id": "vm2"}, {"id": "*"}),
+ "vm3": ({"id": "vm3"}, {"id": "*"}),
+ "vm4": ({"id": "vm4"}, {"id": "*"}),
+ "vm5": ({"id": "vm5"}, {"id": "*"}),
+ "vm6": ({"id": "vm6"}, {"id": "*"}),
+ "vm7": ({"id": "vm7"}, {"id": "*"}),
+ "vm8": ({"id": "vm8"}, {"id": "*"}),
+ "vm9": ({"id": "vm9"}, {"id": "*"}),
+}
+action_assignments = {
+ "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("admin", "vm0", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all employee to do read actions to all VM except vm0
+ {
+ "rule": ("employee", "vm1", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm2", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm3", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm4", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm5", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm6", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm7", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm8", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm9", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev1 to do read actions to some VM
+ {
+ "rule": ("dev1", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev2 to do read actions to some VM
+ {
+ "rule": ("dev2", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+}
+objects = {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+}
+actions = {
+ "start": "",
+ "stop": "",
+ "pause": "",
+ "unpause": "",
+ "destroy": "",
+}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+object_data = {"id": {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+ "*": ""
+}}
+action_data = {"action-type": {
+ "vm-read": "",
+ "vm-write": "",
+ "*": ""
+}}
+
+subject_assignments = {
+ "user0": ({"role": "employee"}, {"role": "*"}),
+ "user1": ({"role": "employee"}, {"role": "*"}),
+ "user2": ({"role": "dev1"}, {"role": "*"}),
+ "user3": ({"role": "dev1"}, {"role": "*"}),
+ "user4": ({"role": "dev1"}, {"role": "*"}),
+ "user5": ({"role": "dev1"}, {"role": "*"}),
+ "user6": ({"role": "dev2"}, {"role": "*"}),
+ "user7": ({"role": "dev2"}, {"role": "*"}),
+ "user8": ({"role": "dev2"}, {"role": "*"}),
+ "user9": ({"role": "dev2"}, {"role": "*"}),
+ "user10": ({"role": "employee"}, {"role": "*"}),
+ "user11": ({"role": "employee"}, {"role": "*"}),
+ "user12": ({"role": "dev3"}, {"role": "*"}),
+ "user13": ({"role": "dev3"}, {"role": "*"}),
+ "user14": ({"role": "dev4"}, {"role": "*"}),
+ "user15": ({"role": "dev4"}, {"role": "*"}),
+ "user16": ({"role": "dev5"}, {"role": "*"}),
+ "user17": ({"role": "dev6"}, {"role": "*"}),
+ "user18": ({"role": "dev7"}, {"role": "*"}),
+ "user19": ({"role": "dev8"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0": ({"id": "vm0"}, {"id": "*"}),
+ "vm1": ({"id": "vm1"}, {"id": "*"}),
+ "vm2": ({"id": "vm2"}, {"id": "*"}),
+ "vm3": ({"id": "vm3"}, {"id": "*"}),
+ "vm4": ({"id": "vm4"}, {"id": "*"}),
+ "vm5": ({"id": "vm5"}, {"id": "*"}),
+ "vm6": ({"id": "vm6"}, {"id": "*"}),
+ "vm7": ({"id": "vm7"}, {"id": "*"}),
+ "vm8": ({"id": "vm8"}, {"id": "*"}),
+ "vm9": ({"id": "vm9"}, {"id": "*"}),
+}
+action_assignments = {
+ "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("admin", "vm0", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all employee to do read actions to all VM except vm0
+ {
+ "rule": ("employee", "vm1", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm2", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm3", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm4", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm5", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm6", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm7", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm8", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm9", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev1 to do read actions to some VM
+ {
+ "rule": ("dev1", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev2 to do read actions to some VM
+ {
+ "rule": ("dev2", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev3 to do read actions to some VM
+ {
+ "rule": ("dev3", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev4 to do read actions to some VM
+ {
+ "rule": ("dev4", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev5 to do read actions to some VM
+ {
+ "rule": ("dev5", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev6 to do read actions to some VM
+ {
+ "rule": ("dev6", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+ "user20": "",
+ "user21": "",
+ "user22": "",
+ "user23": "",
+ "user24": "",
+ "user25": "",
+ "user26": "",
+ "user27": "",
+ "user28": "",
+ "user29": "",
+}
+objects = {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+}
+actions = {
+ "start": "",
+ "stop": "",
+ "pause": "",
+ "unpause": "",
+ "destroy": "",
+}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+object_data = {"id": {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+ "*": ""
+}}
+action_data = {"action-type": {
+ "vm-read": "",
+ "vm-write": "",
+ "*": ""
+}}
+
+subject_assignments = {
+ "user0": ({"role": "employee"}, {"role": "*"}),
+ "user1": ({"role": "employee"}, {"role": "*"}),
+ "user2": ({"role": "dev1"}, {"role": "*"}),
+ "user3": ({"role": "dev1"}, {"role": "*"}),
+ "user4": ({"role": "dev1"}, {"role": "*"}),
+ "user5": ({"role": "dev1"}, {"role": "*"}),
+ "user6": ({"role": "dev2"}, {"role": "*"}),
+ "user7": ({"role": "dev2"}, {"role": "*"}),
+ "user8": ({"role": "dev2"}, {"role": "*"}),
+ "user9": ({"role": "dev2"}, {"role": "*"}),
+ "user10": ({"role": "employee"}, {"role": "*"}),
+ "user11": ({"role": "employee"}, {"role": "*"}),
+ "user12": ({"role": "dev3"}, {"role": "*"}),
+ "user13": ({"role": "dev3"}, {"role": "*"}),
+ "user14": ({"role": "dev4"}, {"role": "*"}),
+ "user15": ({"role": "dev4"}, {"role": "*"}),
+ "user16": ({"role": "dev5"}, {"role": "*"}),
+ "user17": ({"role": "dev6"}, {"role": "*"}),
+ "user18": ({"role": "dev7"}, {"role": "*"}),
+ "user19": ({"role": "dev8"}, {"role": "*"}),
+ "user20": ({"role": "employee"}, {"role": "*"}),
+ "user21": ({"role": "employee"}, {"role": "*"}),
+ "user22": ({"role": "dev3"}, {"role": "*"}),
+ "user23": ({"role": "dev3"}, {"role": "*"}),
+ "user24": ({"role": "dev4"}, {"role": "*"}),
+ "user25": ({"role": "dev4"}, {"role": "*"}),
+ "user26": ({"role": "dev5"}, {"role": "*"}),
+ "user27": ({"role": "dev6"}, {"role": "*"}),
+ "user28": ({"role": "dev7"}, {"role": "*"}),
+ "user29": ({"role": "dev8"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0": ({"id": "vm0"}, {"id": "*"}),
+ "vm1": ({"id": "vm1"}, {"id": "*"}),
+ "vm2": ({"id": "vm2"}, {"id": "*"}),
+ "vm3": ({"id": "vm3"}, {"id": "*"}),
+ "vm4": ({"id": "vm4"}, {"id": "*"}),
+ "vm5": ({"id": "vm5"}, {"id": "*"}),
+ "vm6": ({"id": "vm6"}, {"id": "*"}),
+ "vm7": ({"id": "vm7"}, {"id": "*"}),
+ "vm8": ({"id": "vm8"}, {"id": "*"}),
+ "vm9": ({"id": "vm9"}, {"id": "*"}),
+}
+action_assignments = {
+ "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("admin", "vm0", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all employee to do read actions to all VM except vm0
+ {
+ "rule": ("employee", "vm1", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm2", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm3", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm4", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm5", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm6", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm7", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm8", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm9", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev1 to do read actions to some VM
+ {
+ "rule": ("dev1", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev2 to do read actions to some VM
+ {
+ "rule": ("dev2", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev3 to do read actions to some VM
+ {
+ "rule": ("dev3", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev4 to do read actions to some VM
+ {
+ "rule": ("dev4", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev5 to do read actions to some VM
+ {
+ "rule": ("dev5", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev6 to do read actions to some VM
+ {
+ "rule": ("dev6", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+ "user20": "",
+ "user21": "",
+ "user22": "",
+ "user23": "",
+ "user24": "",
+ "user25": "",
+ "user26": "",
+ "user27": "",
+ "user28": "",
+ "user29": "",
+ "user30": "",
+ "user31": "",
+ "user32": "",
+ "user33": "",
+ "user34": "",
+ "user35": "",
+ "user36": "",
+ "user37": "",
+ "user38": "",
+ "user39": "",
+}
+objects = {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+}
+actions = {
+ "start": "",
+ "stop": "",
+ "pause": "",
+ "unpause": "",
+ "destroy": "",
+}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+object_data = {"id": {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+ "*": ""
+}}
+action_data = {"action-type": {
+ "vm-read": "",
+ "vm-write": "",
+ "*": ""
+}}
+
+subject_assignments = {
+ "user0": ({"role": "employee"}, {"role": "*"}),
+ "user1": ({"role": "employee"}, {"role": "*"}),
+ "user2": ({"role": "dev1"}, {"role": "*"}),
+ "user3": ({"role": "dev1"}, {"role": "*"}),
+ "user4": ({"role": "dev1"}, {"role": "*"}),
+ "user5": ({"role": "dev1"}, {"role": "*"}),
+ "user6": ({"role": "dev2"}, {"role": "*"}),
+ "user7": ({"role": "dev2"}, {"role": "*"}),
+ "user8": ({"role": "dev2"}, {"role": "*"}),
+ "user9": ({"role": "dev2"}, {"role": "*"}),
+ "user10": ({"role": "employee"}, {"role": "*"}),
+ "user11": ({"role": "employee"}, {"role": "*"}),
+ "user12": ({"role": "dev3"}, {"role": "*"}),
+ "user13": ({"role": "dev3"}, {"role": "*"}),
+ "user14": ({"role": "dev4"}, {"role": "*"}),
+ "user15": ({"role": "dev4"}, {"role": "*"}),
+ "user16": ({"role": "dev5"}, {"role": "*"}),
+ "user17": ({"role": "dev6"}, {"role": "*"}),
+ "user18": ({"role": "dev7"}, {"role": "*"}),
+ "user19": ({"role": "dev8"}, {"role": "*"}),
+ "user20": ({"role": "employee"}, {"role": "*"}),
+ "user21": ({"role": "employee"}, {"role": "*"}),
+ "user22": ({"role": "dev3"}, {"role": "*"}),
+ "user23": ({"role": "dev3"}, {"role": "*"}),
+ "user24": ({"role": "dev4"}, {"role": "*"}),
+ "user25": ({"role": "dev4"}, {"role": "*"}),
+ "user26": ({"role": "dev5"}, {"role": "*"}),
+ "user27": ({"role": "dev6"}, {"role": "*"}),
+ "user28": ({"role": "dev7"}, {"role": "*"}),
+ "user29": ({"role": "dev8"}, {"role": "*"}),
+ "user30": ({"role": "employee"}, {"role": "*"}),
+ "user31": ({"role": "employee"}, {"role": "*"}),
+ "user32": ({"role": "dev3"}, {"role": "*"}),
+ "user33": ({"role": "dev3"}, {"role": "*"}),
+ "user34": ({"role": "dev4"}, {"role": "*"}),
+ "user35": ({"role": "dev4"}, {"role": "*"}),
+ "user36": ({"role": "dev5"}, {"role": "*"}),
+ "user37": ({"role": "dev6"}, {"role": "*"}),
+ "user38": ({"role": "dev7"}, {"role": "*"}),
+ "user39": ({"role": "dev8"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0": ({"id": "vm0"}, {"id": "*"}),
+ "vm1": ({"id": "vm1"}, {"id": "*"}),
+ "vm2": ({"id": "vm2"}, {"id": "*"}),
+ "vm3": ({"id": "vm3"}, {"id": "*"}),
+ "vm4": ({"id": "vm4"}, {"id": "*"}),
+ "vm5": ({"id": "vm5"}, {"id": "*"}),
+ "vm6": ({"id": "vm6"}, {"id": "*"}),
+ "vm7": ({"id": "vm7"}, {"id": "*"}),
+ "vm8": ({"id": "vm8"}, {"id": "*"}),
+ "vm9": ({"id": "vm9"}, {"id": "*"}),
+}
+action_assignments = {
+ "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("admin", "vm0", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all employee to do read actions to all VM except vm0
+ {
+ "rule": ("employee", "vm1", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm2", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm3", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm4", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm5", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm6", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm7", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm8", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm9", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev1 to do read actions to some VM
+ {
+ "rule": ("dev1", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev2 to do read actions to some VM
+ {
+ "rule": ("dev2", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev3 to do read actions to some VM
+ {
+ "rule": ("dev3", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev4 to do read actions to some VM
+ {
+ "rule": ("dev4", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev5 to do read actions to some VM
+ {
+ "rule": ("dev5", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev6 to do read actions to some VM
+ {
+ "rule": ("dev6", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "RBAC policy example"
+model_name = "RBAC"
+policy_genre = "authz"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+ "user20": "",
+ "user21": "",
+ "user22": "",
+ "user23": "",
+ "user24": "",
+ "user25": "",
+ "user26": "",
+ "user27": "",
+ "user28": "",
+ "user29": "",
+ "user30": "",
+ "user31": "",
+ "user32": "",
+ "user33": "",
+ "user34": "",
+ "user35": "",
+ "user36": "",
+ "user37": "",
+ "user38": "",
+ "user39": "",
+ "user40": "",
+ "user41": "",
+ "user42": "",
+ "user43": "",
+ "user44": "",
+ "user45": "",
+ "user46": "",
+ "user47": "",
+ "user48": "",
+ "user49": "",
+}
+objects = {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+}
+actions = {
+ "start": "",
+ "stop": "",
+ "pause": "",
+ "unpause": "",
+ "destroy": "",
+}
+
+subject_categories = {"role": "", }
+object_categories = {"id": "", }
+action_categories = {"action-type": "", }
+
+subject_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+object_data = {"id": {
+ "vm0": "",
+ "vm1": "",
+ "vm2": "",
+ "vm3": "",
+ "vm4": "",
+ "vm5": "",
+ "vm6": "",
+ "vm7": "",
+ "vm8": "",
+ "vm9": "",
+ "*": ""
+}}
+action_data = {"action-type": {
+ "vm-read": "",
+ "vm-write": "",
+ "*": ""
+}}
+
+subject_assignments = {
+ "user0": ({"role": "employee"}, {"role": "*"}),
+ "user1": ({"role": "employee"}, {"role": "*"}),
+ "user2": ({"role": "dev1"}, {"role": "*"}),
+ "user3": ({"role": "dev1"}, {"role": "*"}),
+ "user4": ({"role": "dev1"}, {"role": "*"}),
+ "user5": ({"role": "dev1"}, {"role": "*"}),
+ "user6": ({"role": "dev2"}, {"role": "*"}),
+ "user7": ({"role": "dev2"}, {"role": "*"}),
+ "user8": ({"role": "dev2"}, {"role": "*"}),
+ "user9": ({"role": "dev2"}, {"role": "*"}),
+ "user10": ({"role": "employee"}, {"role": "*"}),
+ "user11": ({"role": "employee"}, {"role": "*"}),
+ "user12": ({"role": "dev3"}, {"role": "*"}),
+ "user13": ({"role": "dev3"}, {"role": "*"}),
+ "user14": ({"role": "dev4"}, {"role": "*"}),
+ "user15": ({"role": "dev4"}, {"role": "*"}),
+ "user16": ({"role": "dev5"}, {"role": "*"}),
+ "user17": ({"role": "dev6"}, {"role": "*"}),
+ "user18": ({"role": "dev7"}, {"role": "*"}),
+ "user19": ({"role": "dev8"}, {"role": "*"}),
+ "user20": ({"role": "employee"}, {"role": "*"}),
+ "user21": ({"role": "employee"}, {"role": "*"}),
+ "user22": ({"role": "dev3"}, {"role": "*"}),
+ "user23": ({"role": "dev3"}, {"role": "*"}),
+ "user24": ({"role": "dev4"}, {"role": "*"}),
+ "user25": ({"role": "dev4"}, {"role": "*"}),
+ "user26": ({"role": "dev5"}, {"role": "*"}),
+ "user27": ({"role": "dev6"}, {"role": "*"}),
+ "user28": ({"role": "dev7"}, {"role": "*"}),
+ "user29": ({"role": "dev8"}, {"role": "*"}),
+ "user30": ({"role": "employee"}, {"role": "*"}),
+ "user31": ({"role": "employee"}, {"role": "*"}),
+ "user32": ({"role": "dev3"}, {"role": "*"}),
+ "user33": ({"role": "dev3"}, {"role": "*"}),
+ "user34": ({"role": "dev4"}, {"role": "*"}),
+ "user35": ({"role": "dev4"}, {"role": "*"}),
+ "user36": ({"role": "dev5"}, {"role": "*"}),
+ "user37": ({"role": "dev6"}, {"role": "*"}),
+ "user38": ({"role": "dev7"}, {"role": "*"}),
+ "user39": ({"role": "dev8"}, {"role": "*"}),
+ "user40": ({"role": "employee"}, {"role": "*"}),
+ "user41": ({"role": "employee"}, {"role": "*"}),
+ "user42": ({"role": "dev3"}, {"role": "*"}),
+ "user43": ({"role": "dev3"}, {"role": "*"}),
+ "user44": ({"role": "dev4"}, {"role": "*"}),
+ "user45": ({"role": "dev4"}, {"role": "*"}),
+ "user46": ({"role": "dev5"}, {"role": "*"}),
+ "user47": ({"role": "dev6"}, {"role": "*"}),
+ "user48": ({"role": "dev7"}, {"role": "*"}),
+ "user49": ({"role": "dev8"}, {"role": "*"}),
+}
+object_assignments = {
+ "vm0": ({"id": "vm0"}, {"id": "*"}),
+ "vm1": ({"id": "vm1"}, {"id": "*"}),
+ "vm2": ({"id": "vm2"}, {"id": "*"}),
+ "vm3": ({"id": "vm3"}, {"id": "*"}),
+ "vm4": ({"id": "vm4"}, {"id": "*"}),
+ "vm5": ({"id": "vm5"}, {"id": "*"}),
+ "vm6": ({"id": "vm6"}, {"id": "*"}),
+ "vm7": ({"id": "vm7"}, {"id": "*"}),
+ "vm8": ({"id": "vm8"}, {"id": "*"}),
+ "vm9": ({"id": "vm9"}, {"id": "*"}),
+}
+action_assignments = {
+ "start": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "stop": ({"action-type": "vm-write"}, {"action-type": "*"}),
+ "pause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "unpause": ({"action-type": "vm-read"}, {"action-type": "*"}),
+ "destroy": ({"action-type": "vm-write"}, {"action-type": "*"}),
+}
+
+meta_rule = {
+ "rbac": {"id": "", "value": ("role", "id", "action-type")},
+}
+
+rules = {
+ "rbac": (
+ {
+ "rule": ("admin", "vm0", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("admin", "vm0", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all employee to do read actions to all VM except vm0
+ {
+ "rule": ("employee", "vm1", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm2", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm3", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm4", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm5", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm6", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm7", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm8", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("employee", "vm9", "vm-read"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev1 to do read actions to some VM
+ {
+ "rule": ("dev1", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev1", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev2 to do read actions to some VM
+ {
+ "rule": ("dev2", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev2", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev3 to do read actions to some VM
+ {
+ "rule": ("dev3", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev3", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev4 to do read actions to some VM
+ {
+ "rule": ("dev4", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev4", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev5 to do read actions to some VM
+ {
+ "rule": ("dev5", "vm1", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm2", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm3", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev5", "vm4", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ # Rules for grant all dev6 to do read actions to some VM
+ {
+ "rule": ("dev6", "vm5", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm6", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm7", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm8", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ {
+ "rule": ("dev6", "vm9", "vm-write"),
+ "instructions": (
+ {"decision": "grant"},
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "Session policy example"
+model_name = "Session"
+policy_genre = "session"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+}
+objects = {"admin": "", "employee": "", "dev1": "", "dev2": "", }
+actions = {"activate": "", "deactivate": ""}
+
+subject_categories = {"subjectid": "", }
+object_categories = {"role": "", }
+action_categories = {"session-action": "", }
+
+subject_data = {"subjectid": {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+}}
+object_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "*": ""
+}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
+
+subject_assignments = {
+ "user0": ({"subjectid": "user0"}, ),
+ "user1": ({"subjectid": "user1"}, ),
+ "user2": ({"subjectid": "user2"}, ),
+ "user3": ({"subjectid": "user3"}, ),
+ "user4": ({"subjectid": "user4"}, ),
+ "user5": ({"subjectid": "user5"}, ),
+ "user6": ({"subjectid": "user6"}, ),
+ "user7": ({"subjectid": "user7"}, ),
+ "user8": ({"subjectid": "user8"}, ),
+ "user9": ({"subjectid": "user9"}, ),
+}
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+ "employee": ({"role": "employee"}, {"role": "*"}),
+ "dev1": ({"role": "employee"}, {"role": "dev1"}, {"role": "*"}),
+ "dev2": ({"role": "employee"}, {"role": "dev2"}, {"role": "*"}),
+ }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+ "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+ }
+
+meta_rule = {
+ "session": {"id": "", "value": ("subjectid", "role", "session-action")},
+}
+
+rules = {
+ "session": (
+ {
+ "rule": ("user0", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user1", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "Session policy example"
+model_name = "Session"
+policy_genre = "session"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+}
+objects = {"admin": "", "employee": "", "dev1": "", "dev3": "",
+ "dev4": "", "dev5": "", "dev6": "", "dev7": "", "dev8": ""}
+actions = {"activate": "", "deactivate": ""}
+
+subject_categories = {"subjectid": "", }
+object_categories = {"role": "", }
+action_categories = {"session-action": "", }
+
+subject_data = {"subjectid": {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+}}
+object_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
+
+subject_assignments = {
+ "user0": ({"subjectid": "user0"}, ),
+ "user1": ({"subjectid": "user1"}, ),
+ "user2": ({"subjectid": "user2"}, ),
+ "user3": ({"subjectid": "user3"}, ),
+ "user4": ({"subjectid": "user4"}, ),
+ "user5": ({"subjectid": "user5"}, ),
+ "user6": ({"subjectid": "user6"}, ),
+ "user7": ({"subjectid": "user7"}, ),
+ "user8": ({"subjectid": "user8"}, ),
+ "user9": ({"subjectid": "user9"}, ),
+ "user10": ({"subjectid": "user10"}, ),
+ "user11": ({"subjectid": "user11"}, ),
+ "user12": ({"subjectid": "user12"}, ),
+ "user13": ({"subjectid": "user13"}, ),
+ "user14": ({"subjectid": "user14"}, ),
+ "user15": ({"subjectid": "user15"}, ),
+ "user16": ({"subjectid": "user16"}, ),
+ "user17": ({"subjectid": "user17"}, ),
+ "user18": ({"subjectid": "user18"}, ),
+ "user19": ({"subjectid": "user19"}, ),
+}
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+ "employee": ({"role": "employee"}, {"role": "*"}),
+ "dev1": ({"role": "employee"}, {"role": "dev1"}, {"role": "*"}),
+ "dev2": ({"role": "employee"}, {"role": "dev2"}, {"role": "*"}),
+ "dev3": ({"role": "employee"}, {"role": "dev3"}, {"role": "*"}),
+ "dev4": ({"role": "employee"}, {"role": "dev4"}, {"role": "*"}),
+ "dev5": ({"role": "employee"}, {"role": "dev5"}, {"role": "*"}),
+ "dev6": ({"role": "employee"}, {"role": "dev6"}, {"role": "*"}),
+ "dev7": ({"role": "employee"}, {"role": "dev7"}, {"role": "*"}),
+ "dev8": ({"role": "employee"}, {"role": "dev8"}, {"role": "*"}),
+ }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+ "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+ }
+
+meta_rule = {
+ "session": {"id": "", "value": ("subjectid", "role", "session-action")},
+}
+
+rules = {
+ "session": (
+ {
+ "rule": ("user0", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user1", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user10", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user11", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "Session policy example"
+model_name = "Session"
+policy_genre = "session"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+ "user20": "",
+ "user21": "",
+ "user22": "",
+ "user23": "",
+ "user24": "",
+ "user25": "",
+ "user26": "",
+ "user27": "",
+ "user28": "",
+ "user29": "",
+}
+objects = {"admin": "", "employee": "", "dev1": "", "dev3": "",
+ "dev4": "", "dev5": "", "dev6": "", "dev7": "", "dev8": ""}
+actions = {"activate": "", "deactivate": ""}
+
+subject_categories = {"subjectid": "", }
+object_categories = {"role": "", }
+action_categories = {"session-action": "", }
+
+subject_data = {"subjectid": {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+ "user20": "",
+ "user21": "",
+ "user22": "",
+ "user23": "",
+ "user24": "",
+ "user25": "",
+ "user26": "",
+ "user27": "",
+ "user28": "",
+ "user29": "",
+}}
+object_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
+
+subject_assignments = {
+ "user0": ({"subjectid": "user0"}, ),
+ "user1": ({"subjectid": "user1"}, ),
+ "user2": ({"subjectid": "user2"}, ),
+ "user3": ({"subjectid": "user3"}, ),
+ "user4": ({"subjectid": "user4"}, ),
+ "user5": ({"subjectid": "user5"}, ),
+ "user6": ({"subjectid": "user6"}, ),
+ "user7": ({"subjectid": "user7"}, ),
+ "user8": ({"subjectid": "user8"}, ),
+ "user9": ({"subjectid": "user9"}, ),
+ "user10": ({"subjectid": "user10"}, ),
+ "user11": ({"subjectid": "user11"}, ),
+ "user12": ({"subjectid": "user12"}, ),
+ "user13": ({"subjectid": "user13"}, ),
+ "user14": ({"subjectid": "user14"}, ),
+ "user15": ({"subjectid": "user15"}, ),
+ "user16": ({"subjectid": "user16"}, ),
+ "user17": ({"subjectid": "user17"}, ),
+ "user18": ({"subjectid": "user18"}, ),
+ "user19": ({"subjectid": "user19"}, ),
+ "user20": ({"subjectid": "user20"}, ),
+ "user21": ({"subjectid": "user21"}, ),
+ "user22": ({"subjectid": "user22"}, ),
+ "user23": ({"subjectid": "user23"}, ),
+ "user24": ({"subjectid": "user24"}, ),
+ "user25": ({"subjectid": "user25"}, ),
+ "user26": ({"subjectid": "user26"}, ),
+ "user27": ({"subjectid": "user27"}, ),
+ "user28": ({"subjectid": "user28"}, ),
+ "user29": ({"subjectid": "user29"}, ),
+}
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+ "employee": ({"role": "employee"}, {"role": "*"}),
+ "dev1": ({"role": "employee"}, {"role": "dev1"}, {"role": "*"}),
+ "dev2": ({"role": "employee"}, {"role": "dev2"}, {"role": "*"}),
+ "dev3": ({"role": "employee"}, {"role": "dev3"}, {"role": "*"}),
+ "dev4": ({"role": "employee"}, {"role": "dev4"}, {"role": "*"}),
+ "dev5": ({"role": "employee"}, {"role": "dev5"}, {"role": "*"}),
+ "dev6": ({"role": "employee"}, {"role": "dev6"}, {"role": "*"}),
+ "dev7": ({"role": "employee"}, {"role": "dev7"}, {"role": "*"}),
+ "dev8": ({"role": "employee"}, {"role": "dev8"}, {"role": "*"}),
+ }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+ "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+ }
+
+meta_rule = {
+ "session": {"id": "", "value": ("subjectid", "role", "session-action")},
+}
+
+rules = {
+ "session": (
+ {
+ "rule": ("user0", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user1", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user10", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user11", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user20", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user21", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user22", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user22", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user22", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user23", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user23", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user23", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user24", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user24", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user24", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user25", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user25", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user25", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user26", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user26", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user26", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user27", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user27", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user27", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user28", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user28", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user28", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user29", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user29", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user29", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "Session policy example"
+model_name = "Session"
+policy_genre = "session"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+ "user20": "",
+ "user21": "",
+ "user22": "",
+ "user23": "",
+ "user24": "",
+ "user25": "",
+ "user26": "",
+ "user27": "",
+ "user28": "",
+ "user29": "",
+ "user30": "",
+ "user31": "",
+ "user32": "",
+ "user33": "",
+ "user34": "",
+ "user35": "",
+ "user36": "",
+ "user37": "",
+ "user38": "",
+ "user39": "",
+}
+objects = {"admin": "", "employee": "", "dev1": "", "dev3": "",
+ "dev4": "", "dev5": "", "dev6": "", "dev7": "", "dev8": ""}
+actions = {"activate": "", "deactivate": ""}
+
+subject_categories = {"subjectid": "", }
+object_categories = {"role": "", }
+action_categories = {"session-action": "", }
+
+subject_data = {"subjectid": {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+ "user20": "",
+ "user21": "",
+ "user22": "",
+ "user23": "",
+ "user24": "",
+ "user25": "",
+ "user26": "",
+ "user27": "",
+ "user28": "",
+ "user29": "",
+ "user30": "",
+ "user31": "",
+ "user32": "",
+ "user33": "",
+ "user34": "",
+ "user35": "",
+ "user36": "",
+ "user37": "",
+ "user38": "",
+ "user39": "",
+}}
+object_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
+
+subject_assignments = {
+ "user0": ({"subjectid": "user0"}, ),
+ "user1": ({"subjectid": "user1"}, ),
+ "user2": ({"subjectid": "user2"}, ),
+ "user3": ({"subjectid": "user3"}, ),
+ "user4": ({"subjectid": "user4"}, ),
+ "user5": ({"subjectid": "user5"}, ),
+ "user6": ({"subjectid": "user6"}, ),
+ "user7": ({"subjectid": "user7"}, ),
+ "user8": ({"subjectid": "user8"}, ),
+ "user9": ({"subjectid": "user9"}, ),
+ "user10": ({"subjectid": "user10"}, ),
+ "user11": ({"subjectid": "user11"}, ),
+ "user12": ({"subjectid": "user12"}, ),
+ "user13": ({"subjectid": "user13"}, ),
+ "user14": ({"subjectid": "user14"}, ),
+ "user15": ({"subjectid": "user15"}, ),
+ "user16": ({"subjectid": "user16"}, ),
+ "user17": ({"subjectid": "user17"}, ),
+ "user18": ({"subjectid": "user18"}, ),
+ "user19": ({"subjectid": "user19"}, ),
+ "user20": ({"subjectid": "user20"},),
+ "user21": ({"subjectid": "user21"},),
+ "user22": ({"subjectid": "user22"},),
+ "user23": ({"subjectid": "user23"},),
+ "user24": ({"subjectid": "user24"},),
+ "user25": ({"subjectid": "user25"},),
+ "user26": ({"subjectid": "user26"},),
+ "user27": ({"subjectid": "user27"},),
+ "user28": ({"subjectid": "user28"},),
+ "user29": ({"subjectid": "user29"},),
+ "user30": ({"subjectid": "user30"},),
+ "user31": ({"subjectid": "user31"},),
+ "user32": ({"subjectid": "user32"},),
+ "user33": ({"subjectid": "user33"},),
+ "user34": ({"subjectid": "user34"},),
+ "user35": ({"subjectid": "user35"},),
+ "user36": ({"subjectid": "user36"},),
+ "user37": ({"subjectid": "user37"},),
+ "user38": ({"subjectid": "user38"},),
+ "user39": ({"subjectid": "user39"},),
+}
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+ "employee": ({"role": "employee"}, {"role": "*"}),
+ "dev1": ({"role": "employee"}, {"role": "dev1"}, {"role": "*"}),
+ "dev2": ({"role": "employee"}, {"role": "dev2"}, {"role": "*"}),
+ "dev3": ({"role": "employee"}, {"role": "dev3"}, {"role": "*"}),
+ "dev4": ({"role": "employee"}, {"role": "dev4"}, {"role": "*"}),
+ "dev5": ({"role": "employee"}, {"role": "dev5"}, {"role": "*"}),
+ "dev6": ({"role": "employee"}, {"role": "dev6"}, {"role": "*"}),
+ "dev7": ({"role": "employee"}, {"role": "dev7"}, {"role": "*"}),
+ "dev8": ({"role": "employee"}, {"role": "dev8"}, {"role": "*"}),
+ }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+ "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+ }
+
+meta_rule = {
+ "session": {"id": "", "value": ("subjectid", "role", "session-action")},
+}
+
+rules = {
+ "session": (
+ {
+ "rule": ("user0", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user1", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user10", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user11", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user20", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user21", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user22", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user22", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user22", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user23", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user23", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user23", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user24", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user24", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user24", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user25", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user25", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user25", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user26", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user26", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user26", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user27", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user27", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user27", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user28", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user28", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user28", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user29", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user29", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user29", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user30", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user31", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user32", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user32", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user32", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user33", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user33", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user33", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user34", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user34", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user34", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user35", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user35", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user35", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user36", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user36", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user36", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user37", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user37", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user37", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user38", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user38", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user38", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user39", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user39", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user39", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ )
+}
+
+
--- /dev/null
+
+pdp_name = "pdp1"
+policy_name = "Session policy example"
+model_name = "Session"
+policy_genre = "session"
+
+subjects = {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+ "user20": "",
+ "user21": "",
+ "user22": "",
+ "user23": "",
+ "user24": "",
+ "user25": "",
+ "user26": "",
+ "user27": "",
+ "user28": "",
+ "user29": "",
+ "user30": "",
+ "user31": "",
+ "user32": "",
+ "user33": "",
+ "user34": "",
+ "user35": "",
+ "user36": "",
+ "user37": "",
+ "user38": "",
+ "user39": "",
+ "user40": "",
+ "user41": "",
+ "user42": "",
+ "user43": "",
+ "user44": "",
+ "user45": "",
+ "user46": "",
+ "user47": "",
+ "user48": "",
+ "user49": "",
+}
+objects = {"admin": "", "employee": "", "dev1": "", "dev3": "",
+ "dev4": "", "dev5": "", "dev6": "", "dev7": "", "dev8": ""}
+actions = {"activate": "", "deactivate": ""}
+
+subject_categories = {"subjectid": "", }
+object_categories = {"role": "", }
+action_categories = {"session-action": "", }
+
+subject_data = {"subjectid": {
+ "user0": "",
+ "user1": "",
+ "user2": "",
+ "user3": "",
+ "user4": "",
+ "user5": "",
+ "user6": "",
+ "user7": "",
+ "user8": "",
+ "user9": "",
+ "user10": "",
+ "user11": "",
+ "user12": "",
+ "user13": "",
+ "user14": "",
+ "user15": "",
+ "user16": "",
+ "user17": "",
+ "user18": "",
+ "user19": "",
+ "user20": "",
+ "user21": "",
+ "user22": "",
+ "user23": "",
+ "user24": "",
+ "user25": "",
+ "user26": "",
+ "user27": "",
+ "user28": "",
+ "user29": "",
+ "user30": "",
+ "user31": "",
+ "user32": "",
+ "user33": "",
+ "user34": "",
+ "user35": "",
+ "user36": "",
+ "user37": "",
+ "user38": "",
+ "user39": "",
+ "user40": "",
+ "user41": "",
+ "user42": "",
+ "user43": "",
+ "user44": "",
+ "user45": "",
+ "user46": "",
+ "user47": "",
+ "user48": "",
+ "user49": "",
+}}
+object_data = {"role": {
+ "admin": "",
+ "employee": "",
+ "dev1": "",
+ "dev2": "",
+ "dev3": "",
+ "dev4": "",
+ "dev5": "",
+ "dev6": "",
+ "dev7": "",
+ "dev8": "",
+ "*": ""
+}}
+action_data = {"session-action": {"activate": "", "deactivate": "", "*": ""}}
+
+subject_assignments = {
+ "user0": ({"subjectid": "user0"}, ),
+ "user1": ({"subjectid": "user1"}, ),
+ "user2": ({"subjectid": "user2"}, ),
+ "user3": ({"subjectid": "user3"}, ),
+ "user4": ({"subjectid": "user4"}, ),
+ "user5": ({"subjectid": "user5"}, ),
+ "user6": ({"subjectid": "user6"}, ),
+ "user7": ({"subjectid": "user7"}, ),
+ "user8": ({"subjectid": "user8"}, ),
+ "user9": ({"subjectid": "user9"}, ),
+ "user10": ({"subjectid": "user10"}, ),
+ "user11": ({"subjectid": "user11"}, ),
+ "user12": ({"subjectid": "user12"}, ),
+ "user13": ({"subjectid": "user13"}, ),
+ "user14": ({"subjectid": "user14"}, ),
+ "user15": ({"subjectid": "user15"}, ),
+ "user16": ({"subjectid": "user16"}, ),
+ "user17": ({"subjectid": "user17"}, ),
+ "user18": ({"subjectid": "user18"}, ),
+ "user19": ({"subjectid": "user19"}, ),
+ "user20": ({"subjectid": "user20"}, ),
+ "user21": ({"subjectid": "user21"}, ),
+ "user22": ({"subjectid": "user22"}, ),
+ "user23": ({"subjectid": "user23"}, ),
+ "user24": ({"subjectid": "user24"}, ),
+ "user25": ({"subjectid": "user25"}, ),
+ "user26": ({"subjectid": "user26"}, ),
+ "user27": ({"subjectid": "user27"}, ),
+ "user28": ({"subjectid": "user28"}, ),
+ "user29": ({"subjectid": "user29"}, ),
+ "user30": ({"subjectid": "user30"}, ),
+ "user31": ({"subjectid": "user31"}, ),
+ "user32": ({"subjectid": "user32"}, ),
+ "user33": ({"subjectid": "user33"}, ),
+ "user34": ({"subjectid": "user34"}, ),
+ "user35": ({"subjectid": "user35"}, ),
+ "user36": ({"subjectid": "user36"}, ),
+ "user37": ({"subjectid": "user37"}, ),
+ "user38": ({"subjectid": "user38"}, ),
+ "user39": ({"subjectid": "user39"}, ),
+ "user40": ({"subjectid": "user40"}, ),
+ "user41": ({"subjectid": "user41"}, ),
+ "user42": ({"subjectid": "user42"}, ),
+ "user43": ({"subjectid": "user43"}, ),
+ "user44": ({"subjectid": "user44"}, ),
+ "user45": ({"subjectid": "user45"}, ),
+ "user46": ({"subjectid": "user46"}, ),
+ "user47": ({"subjectid": "user47"}, ),
+ "user48": ({"subjectid": "user48"}, ),
+ "user49": ({"subjectid": "user49"}, ),
+}
+object_assignments = {"admin": ({"role": "admin"}, {"role": "*"}),
+ "employee": ({"role": "employee"}, {"role": "*"}),
+ "dev1": ({"role": "employee"}, {"role": "dev1"}, {"role": "*"}),
+ "dev2": ({"role": "employee"}, {"role": "dev2"}, {"role": "*"}),
+ "dev3": ({"role": "employee"}, {"role": "dev3"}, {"role": "*"}),
+ "dev4": ({"role": "employee"}, {"role": "dev4"}, {"role": "*"}),
+ "dev5": ({"role": "employee"}, {"role": "dev5"}, {"role": "*"}),
+ "dev6": ({"role": "employee"}, {"role": "dev6"}, {"role": "*"}),
+ "dev7": ({"role": "employee"}, {"role": "dev7"}, {"role": "*"}),
+ "dev8": ({"role": "employee"}, {"role": "dev8"}, {"role": "*"}),
+ }
+action_assignments = {"activate": ({"session-action": "activate"}, {"session-action": "*"}, ),
+ "deactivate": ({"session-action": "deactivate"}, {"session-action": "*"}, )
+ }
+
+meta_rule = {
+ "session": {"id": "", "value": ("subjectid", "role", "session-action")},
+}
+
+rules = {
+ "session": (
+ {
+ "rule": ("user0", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user1", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user2", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user3", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user4", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user5", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user6", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user7", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user8", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev1", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user9", "dev2", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user10", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user11", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user12", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user13", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user14", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user15", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user16", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user17", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user18", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user19", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user1
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user20", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user21", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user22", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user22", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user22", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user23", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user23", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user23", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user24", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user24", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user24", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user25", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user25", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user25", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user26", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user26", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user26", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user27", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user27", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user27", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user28", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user28", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user28", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user29", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user29", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user29", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user2
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user30", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user31", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user32", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user32", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user32", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user33", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user33", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user33", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user34", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user34", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user34", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user35", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user35", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user35", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user36", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user36", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user36", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user37", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user37", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user37", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user38", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user38", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user38", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user39", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user39", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user39", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user3
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user40", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user41", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "delete",
+ "target": "rbac:role:employee" # delete the role employee from the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user42", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user42", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user42", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user43", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user43", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user43", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user44", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user44", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user44", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user45", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user45", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user45", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user46", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user46", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user46", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user47", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user47", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user47", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user48", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user48", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user48", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user49", "employee", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user49", "dev3", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ {
+ "rule": ("user49", "dev4", "*"),
+ "instructions": (
+ {
+ "update": {
+ "operation": "add",
+ "target": "rbac:role:admin" # add the role admin to the current user4
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the meta_rule named rbac
+ )
+ },
+ )
+}
+
+
Code Review / moon.git / commitdiff