Consolidate audit permissions to audit namespace

This commit is contained in:
2026-04-24 14:46:38 +02:00
parent e9f210decb
commit 4b9ce4bbad
8 changed files with 227 additions and 19 deletions

View File

@@ -1429,22 +1429,24 @@ VALUES
('settings.update', 'Can update settings', 1, 1),
('tenant.scope.global', 'Can bypass tenant scope globally', 1, 1),
('imports.view', 'Can view imports', 1, 1),
('imports.audit.view', 'Can view import audit logs', 1, 1),
('audit.imports.view', 'Can view import audit logs', 1, 1),
('audit.imports.purge', 'Can purge import audit logs', 1, 1),
('jobs.view', 'Can view scheduled jobs', 1, 1),
('jobs.manage', 'Can manage scheduled jobs', 1, 1),
('jobs.run_now', 'Can run scheduled jobs manually', 1, 1),
('user_lifecycle_audit.view', 'Can view user lifecycle audit logs', 1, 1),
('audit.user_lifecycle.view', 'Can view user lifecycle audit logs', 1, 1),
('users.import', 'Can import users', 1, 1),
('users.import_assignments', 'Can assign tenant, role and department during user import', 1, 1),
('users.lifecycle_restore', 'Can restore users from lifecycle audit', 1, 1),
('audit.user_lifecycle.restore', 'Can restore users from lifecycle audit', 1, 1),
('custom_fields.manage', 'Can manage tenant custom field definitions', 1, 1),
('custom_fields.edit_values', 'Can edit user custom field values', 1, 1),
('api_docs.view', 'Can view API documentation', 1, 1),
('docs.view', 'Can view developer documentation', 1, 1),
('mail_log.view', 'Can view mail logs', 1, 1),
('api_audit.view', 'Can view API audit logs', 1, 1),
('system_audit.view', 'Can view system audit logs', 1, 1),
('system_audit.purge', 'Can purge system audit logs', 1, 1),
('audit.api.view', 'Can view API audit logs', 1, 1),
('audit.api.purge', 'Can purge API audit logs', 1, 1),
('audit.system.view', 'Can view system audit logs', 1, 1),
('audit.system.purge', 'Can purge system audit logs', 1, 1),
('api_tokens.manage', 'Can manage user API tokens', 1, 1),
('stats.view', 'Can view statistics', 1, 1),
('system_info.view', 'Can view system info and health status', 1, 1),
@@ -1542,13 +1544,13 @@ JOIN permissions p ON p.`key` IN (
'roles.view', 'roles.create', 'roles.update', 'roles.delete',
'permissions.view', 'permissions.create', 'permissions.update', 'permissions.delete',
'settings.view', 'settings.update', 'tenant.scope.global',
'imports.view', 'imports.audit.view', 'jobs.view', 'jobs.manage', 'jobs.run_now',
'user_lifecycle_audit.view', 'users.import', 'users.import_assignments',
'users.lifecycle_restore',
'imports.view', 'audit.imports.view', 'audit.imports.purge', 'jobs.view', 'jobs.manage', 'jobs.run_now',
'audit.user_lifecycle.view', 'users.import', 'users.import_assignments',
'audit.user_lifecycle.restore',
'custom_fields.manage', 'custom_fields.edit_values',
'api_docs.view', 'docs.view',
'api_tokens.manage',
'mail_log.view', 'api_audit.view', 'system_audit.view', 'system_audit.purge',
'mail_log.view', 'audit.api.view', 'audit.api.purge', 'audit.system.view', 'audit.system.purge',
'stats.view', 'system_info.view',
'roles.assign_all',
'helpdesk.access', 'helpdesk.settings.manage', 'helpdesk.team-workload.view', 'helpdesk.risk-radar.view', 'helpdesk.software-products.manage',
@@ -1598,9 +1600,9 @@ JOIN permissions p ON p.`key` IN (
'address_book.view',
'tenants.view', 'departments.view', 'roles.view', 'permissions.view',
'settings.view',
'imports.view', 'imports.audit.view',
'user_lifecycle_audit.view',
'mail_log.view', 'api_audit.view', 'system_audit.view',
'imports.view', 'audit.imports.view',
'audit.user_lifecycle.view',
'mail_log.view', 'audit.api.view', 'audit.system.view',
'stats.view', 'jobs.view'
)
WHERE r.code = 'AUDITOR'