From 54dbd1e62150c842fa30ea7b66259bb9c2792880 Mon Sep 17 00:00:00 2001 From: David Crespo Date: Fri, 5 Jun 2026 19:22:48 -0500 Subject: [PATCH 1/2] Distinguish 404 from 403 in authz-roles policy test snapshot --- nexus/db-queries/src/policy_test/mod.rs | 7 +- nexus/db-queries/tests/output/authz-roles.out | 1976 ++++++++--------- 2 files changed, 992 insertions(+), 991 deletions(-) diff --git a/nexus/db-queries/src/policy_test/mod.rs b/nexus/db-queries/src/policy_test/mod.rs index c8bd99613ce..e378c2aa05d 100644 --- a/nexus/db-queries/src/policy_test/mod.rs +++ b/nexus/db-queries/src/policy_test/mod.rs @@ -357,9 +357,10 @@ async fn authorize_one_resource( "result" => ?result, ); let summary = match result { - Ok(_) => '\u{2714}', // ✔ - Err(Error::Forbidden) - | Err(Error::ObjectNotFound { .. }) => '\u{2718}', // ✘ + Ok(_) => '\u{2714}', // ✔ + Err(Error::Forbidden) => '\u{2718}', // ✘ 403, visible + // ∅ 404, hidden + Err(Error::ObjectNotFound { .. }) => '\u{2205}', Err(Error::Unauthenticated { .. }) => '!', Err(_) => '\u{26a0}', // ⚠ }; diff --git a/nexus/db-queries/tests/output/authz-roles.out b/nexus/db-queries/tests/output/authz-roles.out index c8f72837771..45beac063e7 100644 --- a/nexus/db-queries/tests/output/authz-roles.out +++ b/nexus/db-queries/tests/output/authz-roles.out @@ -329,7 +329,7 @@ resource: Silo "silo1" silo1-proj1-limited-collaborator ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✔ ✔ ✘ ✘ ✔ ✘ @@ -359,22 +359,22 @@ resource: Certificate "silo1-certificate" USER Q R LC RP M MP CC D fleet-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ internal-api ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Silo "silo1": identity provider list @@ -407,13 +407,13 @@ resource: IdentityProvider "silo1-identity-provider" silo1-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ @@ -428,13 +428,13 @@ resource: SamlIdentityProvider "silo1-saml-identity-provider" silo1-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ @@ -547,23 +547,23 @@ resource: SiloGroup "silo1-group" resource: SiloImage "silo1-silo-image" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: SiloUser "silo1-user": session list @@ -610,65 +610,65 @@ resource: SiloUser "silo1-user": token list resource: Image "silo1-image" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Project "silo1-proj1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✔ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✔ ✘ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✔ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Disk "silo1-proj1-disk1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: MulticastGroup "silo1-proj1-multicast-group1" @@ -686,94 +686,94 @@ resource: MulticastGroup "silo1-proj1-multicast-group1" silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - internal-api ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + internal-api ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: AffinityGroup "silo1-proj1-affinity-group1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: AntiAffinityGroup "silo1-proj1-anti-affinity-group1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Instance "silo1-proj1-instance1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InstanceNetworkInterface "silo1-proj1-instance1-nic1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Project "silo1-proj1": vpc list @@ -799,275 +799,275 @@ resource: Project "silo1-proj1": vpc list resource: Vpc "silo1-proj1-vpc1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: VpcSubnet "silo1-proj1-vpc1-subnet1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: VpcRouter "silo1-proj1-vpc1-router1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: RouterRoute "silo1-proj1-vpc1-router1-route1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Snapshot "silo1-proj1-disk1-snapshot1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: ProjectImage "silo1-proj1-image1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: FloatingIp "silo1-proj1-fip1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InternetGateway "silo1-proj1-igw1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InternetGatewayIpPool "silo1-proj1-igw1-pool1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InternetGatewayIpAddress "silo1-proj1-igw1-address1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: ExternalSubnet id "762e3d39-cd8a-4c59-ae6a-6efc9b2421df" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-proj1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Project "silo1-proj2" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✔ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Disk "silo1-proj2-disk1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: MulticastGroup "silo1-proj2-multicast-group1" @@ -1085,94 +1085,94 @@ resource: MulticastGroup "silo1-proj2-multicast-group1" silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - internal-api ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + internal-api ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: AffinityGroup "silo1-proj2-affinity-group1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: AntiAffinityGroup "silo1-proj2-anti-affinity-group1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Instance "silo1-proj2-instance1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InstanceNetworkInterface "silo1-proj2-instance1-nic1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Project "silo1-proj2": vpc list @@ -1198,251 +1198,251 @@ resource: Project "silo1-proj2": vpc list resource: Vpc "silo1-proj2-vpc1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: VpcSubnet "silo1-proj2-vpc1-subnet1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: VpcRouter "silo1-proj2-vpc1-router1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: RouterRoute "silo1-proj2-vpc1-router1-route1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Snapshot "silo1-proj2-disk1-snapshot1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: ProjectImage "silo1-proj2-image1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: FloatingIp "silo1-proj2-fip1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InternetGateway "silo1-proj2-igw1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InternetGatewayIpPool "silo1-proj2-igw1-pool1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InternetGatewayIpAddress "silo1-proj2-igw1-address1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: ExternalSubnet id "762e3d39-cd8a-4c59-ae6a-6efc9b2421df" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-limited-collaborator ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ silo1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: ScimClientBearerToken id "7885144e-9c75-47f7-a97d-7dfc58e1186c" USER Q R LC RP M MP CC D fleet-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ silo1-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ internal-api ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ external-authn ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ @@ -1474,17 +1474,17 @@ resource: Silo "silo2" fleet-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ fleet-collaborator ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ fleet-viewer ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✔ ✔ ✘ ✘ ✔ ✘ @@ -1514,22 +1514,22 @@ resource: Certificate "silo2-certificate" USER Q R LC RP M MP CC D fleet-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ internal-api ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Silo "silo2": identity provider list @@ -1558,17 +1558,17 @@ resource: IdentityProvider "silo2-identity-provider" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ @@ -1579,17 +1579,17 @@ resource: SamlIdentityProvider "silo2-saml-identity-provider" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ @@ -1642,17 +1642,17 @@ resource: SiloUser "silo2-user" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✔ ✔ ✔ ✔ ✘ ✔ @@ -1663,17 +1663,17 @@ resource: SshKey "silo2-user-ssh-key" fleet-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ fleet-collaborator ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ internal-api ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ external-authn ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ @@ -1684,17 +1684,17 @@ resource: SiloGroup "silo2-group" fleet-admin ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✔ ✔ ✔ ✔ ✘ ✔ @@ -1702,23 +1702,23 @@ resource: SiloGroup "silo2-group" resource: SiloImage "silo2-silo-image" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: SiloUser "silo2-user": session list @@ -1765,65 +1765,65 @@ resource: SiloUser "silo2-user": token list resource: Image "silo2-image" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Project "silo2-proj1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Disk "silo2-proj1-disk1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: MulticastGroup "silo2-proj1-multicast-group1" @@ -1841,34 +1841,97 @@ resource: MulticastGroup "silo2-proj1-multicast-group1" silo1-proj1-limited-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ silo1-proj1-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - internal-api ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + internal-api ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: AffinityGroup "silo2-proj1-affinity-group1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: AntiAffinityGroup "silo2-proj1-anti-affinity-group1" + USER Q R LC RP M MP CC D + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ + internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + +resource: Instance "silo2-proj1-instance1" + + USER Q R LC RP M MP CC D + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ + internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + +resource: InstanceNetworkInterface "silo2-proj1-instance1-nic1" + + USER Q R LC RP M MP CC D + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ + internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + +resource: Project "silo2-proj1": vpc list + USER Q R LC RP M MP CC D fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ @@ -1884,321 +1947,258 @@ resource: AntiAffinityGroup "silo2-proj1-anti-affinity-group1" silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - -resource: Instance "silo2-proj1-instance1" - - USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - -resource: InstanceNetworkInterface "silo2-proj1-instance1-nic1" - - USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - -resource: Project "silo2-proj1": vpc list - - USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✔ ✘ ✘ ✘ ✔ ✘ - internal-api ✘ ✘ ✔ ✘ ✘ ✘ ✔ ✘ + db-init ✘ ✘ ✔ ✘ ✘ ✘ ✔ ✘ + internal-api ✘ ✘ ✔ ✘ ✘ ✘ ✔ ✘ external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ resource: Vpc "silo2-proj1-vpc1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: VpcSubnet "silo2-proj1-vpc1-subnet1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: VpcRouter "silo2-proj1-vpc1-router1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: RouterRoute "silo2-proj1-vpc1-router1-route1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Snapshot "silo2-proj1-disk1-snapshot1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: ProjectImage "silo2-proj1-image1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: FloatingIp "silo2-proj1-fip1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InternetGateway "silo2-proj1-igw1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InternetGatewayIpPool "silo2-proj1-igw1-pool1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: InternetGatewayIpAddress "silo2-proj1-igw1-address1" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: ExternalSubnet id "762e3d39-cd8a-4c59-ae6a-6efc9b2421df" USER Q R LC RP M MP CC D - fleet-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: ScimClientBearerToken id "7885144e-9c75-47f7-a97d-7dfc58e1186c" USER Q R LC RP M MP CC D fleet-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ - fleet-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - fleet-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + fleet-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + fleet-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ internal-api ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ external-authn ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ @@ -2230,20 +2230,20 @@ resource: Rack id "c037e882-8b6d-c8b5-bef4-97e848eb0a50" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Rack id "c037e882-8b6d-c8b5-bef4-97e848eb0a50": trust quorum configuration @@ -2251,20 +2251,20 @@ resource: Rack id "c037e882-8b6d-c8b5-bef4-97e848eb0a50": trust quorum configura fleet-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ fleet-collaborator ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Sled id "8a785566-adaf-c8d8-e886-bee7f9b73ca7" @@ -2272,20 +2272,20 @@ resource: Sled id "8a785566-adaf-c8d8-e886-bee7f9b73ca7" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Zpool id "aaaaaaaa-1233-af7d-9220-afe1d8090900" @@ -2293,20 +2293,20 @@ resource: Zpool id "aaaaaaaa-1233-af7d-9220-afe1d8090900" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Service id "6b1f15ee-d6b3-424c-8436-94413a0b682d" @@ -2314,20 +2314,20 @@ resource: Service id "6b1f15ee-d6b3-424c-8436-94413a0b682d" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Service id "7f7bb301-5dc9-41f1-ab29-d369f4835079" @@ -2335,20 +2335,20 @@ resource: Service id "7f7bb301-5dc9-41f1-ab29-d369f4835079" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: PhysicalDisk id "c9f923f6-caf3-4c83-96f9-8ffe8c627dd2" @@ -2356,20 +2356,20 @@ resource: PhysicalDisk id "c9f923f6-caf3-4c83-96f9-8ffe8c627dd2" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: SupportBundle id "d9f923f6-caf3-4c83-96f9-8ffe8c627dd2" @@ -2377,20 +2377,20 @@ resource: SupportBundle id "d9f923f6-caf3-4c83-96f9-8ffe8c627dd2" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: DeviceAuthRequest "a-device-user-code" @@ -2408,7 +2408,7 @@ resource: DeviceAuthRequest "a-device-user-code" silo1-proj1-limited-collaborator ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ silo1-proj1-viewer ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ db-init ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ @@ -2419,18 +2419,18 @@ resource: DeviceAccessToken id "3b80c7f9-bee0-4b42-8550-6cdfc74dafdb" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ @@ -2440,20 +2440,20 @@ resource: Blueprint id "b9e923f6-caf3-4c83-96f9-8ffe8c627dd2" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: TufRepo id "3c52d72f-cbf7-4951-a62f-a4154e74da87" @@ -2461,20 +2461,20 @@ resource: TufRepo id "3c52d72f-cbf7-4951-a62f-a4154e74da87" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: TufArtifact id "6827813e-bfaa-4205-9b9f-9f7901e4aab1" @@ -2482,20 +2482,20 @@ resource: TufArtifact id "6827813e-bfaa-4205-9b9f-9f7901e4aab1" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: TufTrustRoot id "b2c043c7-5eaa-40b5-a0a2-cdf97b2e66b3" @@ -2503,20 +2503,20 @@ resource: TufTrustRoot id "b2c043c7-5eaa-40b5-a0a2-cdf97b2e66b3" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: AddressLot id "43259fdc-c5c0-4a21-8b1d-2f673ad00d93" @@ -2524,20 +2524,20 @@ resource: AddressLot id "43259fdc-c5c0-4a21-8b1d-2f673ad00d93" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: LoopbackAddress id "9efbf1b1-16f9-45ab-864a-f7ebe501ae5b" @@ -2545,20 +2545,20 @@ resource: LoopbackAddress id "9efbf1b1-16f9-45ab-864a-f7ebe501ae5b" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: Alert id "31cb17da-4164-4cbf-b9a3-b3e4a687c08b" @@ -2566,20 +2566,20 @@ resource: Alert id "31cb17da-4164-4cbf-b9a3-b3e4a687c08b" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: AlertReceiver "webhooked-on-phonics" @@ -2587,20 +2587,20 @@ resource: AlertReceiver "webhooked-on-phonics" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: WebhookSecret id "0c3e55cb-fcee-46e9-a2e3-0901dbd3b997" @@ -2608,20 +2608,20 @@ resource: WebhookSecret id "0c3e55cb-fcee-46e9-a2e3-0901dbd3b997" fleet-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ fleet-collaborator ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: SubnetPool id "e3a6e04e-ad41-483c-8ee9-3958c3ffb4e5" @@ -2629,20 +2629,20 @@ resource: SubnetPool id "e3a6e04e-ad41-483c-8ee9-3958c3ffb4e5" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: IpPool id "f9bf2e93-1f3f-4f4e-9c0f-3c8f6a8d6f2a" @@ -2650,20 +2650,20 @@ resource: IpPool id "f9bf2e93-1f3f-4f4e-9c0f-3c8f6a8d6f2a" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✔ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✔ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ✔ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ✔ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ✔ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ✔ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ✔ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ✔ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ✔ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ✔ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ✔ ∅ unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ resource: ConsoleSession id "a1b2c3d4-0000-4000-8000-000000000001" @@ -2671,18 +2671,18 @@ resource: ConsoleSession id "a1b2c3d4-0000-4000-8000-000000000001" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ external-authn ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ @@ -2692,20 +2692,20 @@ resource: UserBuiltin id "a1b2c3d4-0000-4000-8000-000000000002" fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ fleet-collaborator ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ fleet-viewer ✘ ✔ ✔ ✔ ✘ ✘ ✘ ✘ - silo1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-user-self ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-admin ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - unauthenticated ! ! ! ! ! ! ! ! - scim ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - db-init ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ - internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ - external-authn ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ + silo1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-user-self ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo1-proj1-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + unauthenticated ! ! ! ! ! ! ! ! + scim ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + db-init ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + internal-api ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ + external-authn ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ACTIONS: From e962c9355d7e1b111645fa7c7f1b9cc72322a66a Mon Sep 17 00:00:00 2001 From: David Crespo Date: Tue, 9 Jun 2026 12:51:35 -0500 Subject: [PATCH 2/2] Cover cross-silo access in conferred-roles policy test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The conferred-roles test only registered Fleet-rooted resources (Fleet, IpPoolList), so it never exercised a conferring user reaching a *different* Silo than their own. Add a second Silo ("other-silo") to the resource set. This also gives the test 404-vs-403 coverage: a user with no path to the other Silo can not see it (404, rendered ∅), while a user whose main-Silo role confers a Fleet role can (403/visible, rendered ✘/✔). Regenerate authz-conferred-roles.out accordingly. --- nexus/db-queries/src/policy_test/mod.rs | 13 +++++ .../tests/output/authz-conferred-roles.out | 48 +++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/nexus/db-queries/src/policy_test/mod.rs b/nexus/db-queries/src/policy_test/mod.rs index e378c2aa05d..42afbddf430 100644 --- a/nexus/db-queries/src/policy_test/mod.rs +++ b/nexus/db-queries/src/policy_test/mod.rs @@ -448,6 +448,19 @@ async fn test_conferred_roles() { ResourceBuilder::new(&opctx, &datastore, &mut coverage, main_silo_id); builder.new_resource(authz::FLEET); builder.new_resource(authz::IP_POOL_LIST); + // A second Silo, distinct from the conferring users' own (main) Silo. A user + // whose main-Silo role confers a Fleet role is effectively a Fleet-level + // principal and must be able to reach OTHER Silos too; the Fleet-only + // resources above can't exercise that cross-Silo path. This also exercises + // the 404-vs-403 distinction: a user with no path to this Silo can't even + // see it, so it gets a 404 (∅) rather than a 403 (✘). + let other_silo_id: Uuid = + "22222222-2222-4222-8222-222222222222".parse().unwrap(); + builder.new_resource(authz::Silo::new( + authz::FLEET, + other_silo_id, + LookupType::ByName("other-silo".to_string()), + )); let test_resources = builder.build(); // We also create a Silo because the ResourceBuilder will create for us diff --git a/nexus/db-queries/tests/output/authz-conferred-roles.out b/nexus/db-queries/tests/output/authz-conferred-roles.out index 8d4ea3981f3..6f717b4585b 100644 --- a/nexus/db-queries/tests/output/authz-conferred-roles.out +++ b/nexus/db-queries/tests/output/authz-conferred-roles.out @@ -15,6 +15,14 @@ resource: authz::IpPoolList silo-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ silo-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ +resource: Silo "other-silo" + + USER Q R LC RP M MP CC D + silo-admin ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + policy: {Admin: {Admin}} resource: Fleet id "001de000-1334-4000-8000-000000000000" @@ -32,6 +40,14 @@ resource: authz::IpPoolList silo-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ silo-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ +resource: Silo "other-silo" + + USER Q R LC RP M MP CC D + silo-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ + silo-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + policy: {Viewer: {Viewer}} resource: Fleet id "001de000-1334-4000-8000-000000000000" @@ -49,6 +65,14 @@ resource: authz::IpPoolList silo-limited-collaborator ✘ ✘ ✔ ✘ ✘ ✘ ✘ ✘ silo-viewer ✘ ✘ ✔ ✘ ✘ ✘ ✘ ✘ +resource: Silo "other-silo" + + USER Q R LC RP M MP CC D + silo-admin ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ + silo-collaborator ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ + silo-limited-collaborator ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ + silo-viewer ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ + policy: {Admin: {Viewer}} resource: Fleet id "001de000-1334-4000-8000-000000000000" @@ -66,6 +90,14 @@ resource: authz::IpPoolList silo-limited-collaborator ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ silo-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ +resource: Silo "other-silo" + + USER Q R LC RP M MP CC D + silo-admin ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ + silo-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo-limited-collaborator ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + silo-viewer ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ + policy: {Viewer: {Admin, Viewer}} resource: Fleet id "001de000-1334-4000-8000-000000000000" @@ -83,6 +115,14 @@ resource: authz::IpPoolList silo-limited-collaborator ✘ ✘ ✔ ✘ ✔ ✔ ✔ ✔ silo-viewer ✘ ✘ ✔ ✘ ✔ ✔ ✔ ✔ +resource: Silo "other-silo" + + USER Q R LC RP M MP CC D + silo-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ + silo-collaborator ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ + silo-limited-collaborator ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ + silo-viewer ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ + policy: {Admin: {Admin}, Viewer: {Viewer}} resource: Fleet id "001de000-1334-4000-8000-000000000000" @@ -100,3 +140,11 @@ resource: authz::IpPoolList silo-limited-collaborator ✘ ✘ ✔ ✘ ✘ ✘ ✘ ✘ silo-viewer ✘ ✘ ✔ ✘ ✘ ✘ ✘ ✘ +resource: Silo "other-silo" + + USER Q R LC RP M MP CC D + silo-admin ✘ ✔ ✘ ✔ ✔ ✔ ✘ ✔ + silo-collaborator ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ + silo-limited-collaborator ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ + silo-viewer ✘ ✔ ✘ ✔ ✘ ✘ ✘ ✘ +