All tokens are considered "granular access tokens" (GATs). Token entries in the database consist of 3 parts:
- `token`: the unique token value
- `uuid`: associative value representing a single user/scope
- `scope`: value representing the granular access/privileges

A scope contains an array of privileges that define both the type(s) of access and the access value(s) for a token.

> [!NOTE]
> Tokens can be associated with multiple "types" of access

type(s):

- `pkg:read`: read associated packages
- `pkg:read+write`: write associated packages (requires read access)
- `user:read`: read associated user
- `user:read+write`: write associated user (requires read access)

value(s):

- `*`: an ANY selector for `user:` or `pkg:` access types
- `~<user>`: user selector for the `user:` access type
- `@<scope>/<pkg>`: package specific selector for the `pkg:` access type
- `@<scope>/*`: glob scope selector for `pkg:` access types

> [!NOTE]
> user/org/team management via `@<scope>` is not supported at the moment

- specific package read access
- individual user read+write access

```json
[
  {
    "values": ["@organization/package-name"],
    "types": {
      "pkg": {
        "read": true
      }
    }
  },
  {
    "values": ["~johnsmith"],
    "types": {
      "user": {
        "read": true,
        "write": true
      }
    }
  }
]
```

- scoped package read+write access
- individual user read+write access

```json
[
  {
    "values": ["@organization/*"],
    "types": {
      "pkg": {
        "read": true
      }
    }
  },
  {
    "values": ["~johnsmith"],
    "types": {
      "user": {
        "read": true,
        "write": true
      }
    }
  }
]
```

- organization scoped packages read+write access
- individual user read+write access

```json
[
  {
    "values": ["@organization/package-name"],
    "types": {
      "pkg": {
        "read": true
      }
    }
  },
  {
    "values": ["~johnsmith"],
    "types": {
      "user": {
        "read": true,
        "write": true
      }
    }
  }
]
```

- organization scoped package read+write access
- organization users read+write access

```json
[
  {
    "values": ["@company/*"],
    "types": {
      "pkg": {
        "read": true,
        "write": true
      },
      "user": {
        "read": true,
        "write": true
      }
    }
  }
]
```

```json
[
  {
    "values": ["*"],
    "types": {
      "pkg": {
        "read": true,
        "write": true
      },
      "user": {
        "read": true,
        "write": true
      }
    }
  }
]
```
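
One way a scope array like those above could be checked against a single request, as an added example that is not code from the project. The names `selectorMatches`, `isAllowed` and `sampleScope` are hypothetical, and the matching rules (exact match for `@<scope>/<pkg>`, prefix match for `@<scope>/*`, `@` selectors never granting `user:` access, write honoured only with read) are assumptions read from the selector and type descriptions on this page.

```javascript
// Added example, not the registry's code. Matching rules are assumptions
// read from the selector descriptions on this page.

// Does one selector from "values" cover the target for this access type?
function selectorMatches(selector, type, target) {
  if (selector === '*') return true; // ANY selector for user: or pkg:
  if (type === 'user') {
    // ~<user> names exactly one user; @<scope> never grants user access
    return selector.startsWith('~') && selector.slice(1) === target;
  }
  if (!selector.startsWith('@')) return false;
  if (selector.endsWith('/*')) {
    // Keep the trailing "/" so "@org/*" cannot match "@organization/pkg"
    const prefix = selector.slice(0, -1);
    return target.length > prefix.length && target.startsWith(prefix);
  }
  return selector === target; // @<scope>/<pkg> is an exact match
}

// type: "pkg" | "user"; action: "read" | "write". Anything else is denied.
function isAllowed(scope, type, action, target) {
  const known = (type === 'pkg' || type === 'user') &&
    (action === 'read' || action === 'write');
  if (!known || typeof target !== 'string' || !Array.isArray(scope)) {
    return false; // fail closed on malformed input
  }
  return scope.some((entry) => {
    const grant = entry && entry.types && entry.types[type];
    // Write is honoured only together with read ("requires read access")
    if (!grant || grant.read !== true) return false;
    if (action === 'write' && grant.write !== true) return false;
    const values = Array.isArray(entry.values) ? entry.values : [];
    return values.some(
      (v) => typeof v === 'string' && selectorMatches(v, type, target));
  });
}

// Constructed sample scope, same shape as the examples above
const sampleScope = [
  { values: ['@organization/*'], types: { pkg: { read: true } } },
  { values: ['~johnsmith'], types: { user: { read: true, write: true } } },
];
console.log(isAllowed(sampleScope, 'pkg', 'read', '@organization/foo'));
console.log(isAllowed(sampleScope, 'pkg', 'write', '@organization/foo'));
```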