|
1 --- |
|
2 labels: |
|
3 - Stage-Alpha |
|
4 summary: XMPP-layer access control for Prosody |
|
5 --- |
|
6 |
|
7 Introduction |
|
8 ============ |
|
9 |
|
10 This module enforces access policies using Prosody's new [roles and |
|
11 permissions framework](https://prosody.im/doc/developers/permissions). It can |
|
12 be used to grant restricted access to an XMPP account or services. |
|
13 |
|
14 This module is still in its early stages, and prone to change. Feedback from |
|
15 testers is welcome. At this early stage, it should not be solely relied upon |
|
16 for account security purposes. |
|
17 |
|
18 Configuration |
|
19 ============= |
|
20 |
|
21 There is no configuration, apart from Prosody's normal roles and permissions |
|
22 configuration. |
|
23 |
|
24 Permissions |
|
25 =========== |
|
26 |
|
27 `xmpp:federate` |
|
28 : Communicate with other users and services on other hosts on the XMPP network |
|
29 `xmpp:account:messages:read` |
|
30 : Read incoming messages |
|
31 `xmpp:account:messages:write` |
|
32 : Send outgoing messages |
|
33 `xmpp:account:presence:write` |
|
34 : Update presence for the account |
|
35 `xmpp:account:contacts:read`/`xmpp:account:contacts:write` |
|
36 : Controls access to the contact list (roster) |
|
37 `xmpp:account:bookmarks:read`/`xmpp:account:bookmarks:write` |
|
38 : Controls access to the bookmarks (group chats list) |
|
39 `xmpp:account:profile:read`/`xmpp:account:profile:write` |
|
40 : Controls access to the user's profile (e.g. vCard/avatar) |
|
41 `xmpp:account:omemo:read`/`xmpp:account:omemo:write` |
|
42 : Controls access to the user's OMEMO data |
|
43 `xmpp:account:blocklist:read`/`xmpp:account:blocklist:write` |
|
44 : Controls access to the user's block list |
|
45 `xmpp:account:disco:read` |
|
46 : Controls access to the user's service discovery information |
|
47 |
|
48 Compatibility |
|
49 ============= |
|
50 |
|
51 Requires Prosody trunk 72f431b4dc2c (build 1444) or later. |