Auth enhancements

salt/soc/files/kratos/schema.json

@@ -31,10 +31,6 @@
           "type": "string",
           "title": "Last Name"
         },
-        "role": {
-          "type": "string",
-          "title": "Role"
-        },
         "status": {
           "type": "string",
           "title": "Status"

salt/soc/files/soc/custom_roles

@@ -0,0 +1,20 @@
+# Define custom business role mappings, or remove mappings that come with 
+# the default SOC deployment.
+#
+# IMPORTANT: This file should be copied from the salt/default tree into
+#            the salt/local tree (preserving the same directory structure).
+#            Failure to do this will result in the customizations being
+#            overwritten on future upgrades.
+#
+# Syntax      => prebuiltRoleX: customRoleY: op
+# Explanation => roleY and roleZ are adjusted permissions of roleX, op is:
+#                + add the new permissions/role mappings (default)
+#                - remove existing prebuilt permissions
+#
+# In the example below, we will define a new role for junior analysts,
+# that is nearly identical to the analyst role that comes with SOC, with the
+# exception that it removes their ability to obtain details about other 
+# analysts in the system.
+#
+# analyst:        jr_analyst
+# user-monitor:   jr_analyst:-

salt/soc/files/soc/soc.json

@@ -85,6 +85,14 @@
       "statickeyauth": {
         "anonymousCidr": "{{ DNET }}/24",
         "apiKey": "{{ SENSORONIKEY }}"
+      },
+      "staticrbac": {
+        "roleFiles": [ 
+          "rbac/permissions", 
+          "rbac/roles", 
+          "rbac/users_roles",
+          "rbac/custom_roles"
+        ]
       }
     },
     "client": {