© Copyright 1990-2017 P3 Consulting unless otherwise indicated. Please contact us with any questions or comments.

 Bootstrap script executed on an empty schema

begin
create cube ${sytemCubeID} as "${systemCubeLabel}" Access.${systemCubeDefaultAccess},
use system cube ${sytemCubeID},
set current cube ${sytemCubeID},

create dimension __USER_GROUPS__ as "Users and Groups" isMandatory,
create dimension __APPLICATION_DOMAINS__ as "Applications (client's cubes) and Domains" isMandatory,
create dimension __TASK_ROLES__ as "Task and Roles"ยป isMandatory,

create group ROOT of __USER_GROUPS__,
create group ADMIN of __USER_GROUPS__,
create group VIEWER of __USER_GROUPS__,
create group WHEEL type SPEL rule "getCoordinate().isTerminal()" of __USER_GROUPS__,
create group CONSOLE_USERS of __USER_GROUPS__,
create group BASIC_ACCOUNTS of __USER_GROUPS__,

create group SYSTEM_DOMAIN of __APPLICATION_DOMAINS__,
create group USER_DOMAIN of __APPLICATION_DOMAINS__,

# root:*********
create user 'root' identifiedBy "${rootPassword}" unlocked expires Date(31-12-2999),
# admin:*******
create user 'admin' identifiedBy "${adminPassword}" unlocked expires Date(31-12-2999),
# viewer:*******
create user 'viewer' identifiedBy "${viewerPassword}" unlocked expires Date(31-12-2999),

# remoteAdmin:********
create basicaccount 'remoteAdmin' identifiedBy "${remoteAdminPassword}" cubeAccess [ ${sytemCubeID} ],
# remoteViewer:********
create basicaccount 'remoteViewer' identifiedBy "${remoteViewerPassword}" cubeAccess [ ${sytemCubeID} ],

add coordinate root to ROOT of __USER_GROUPS__,
add coordinate ROOT to ADMIN of __USER_GROUPS__,
add coordinate 'admin' to ADMIN of __USER_GROUPS__,
add coordinate viewer to VIEWER of __USER_GROUPS__,

# done by create user
# add coordinate root to CONSOLE_USERS of __USER_GROUPS__,
# add coordinate root to CONSOLE_USERS of __USER_GROUPS__,
# add coordinate 'admin' to CONSOLE_USERS of __USER_GROUPS__,
# add coordinate viewer to CONSOLE_USERS of __USER_GROUPS__,

# done by create basicaccount
# add coordinate remoteAdmin to BASIC_ACCOUNTS of __USER_GROUPS__,
# add coordinate remoteViewer to BASIC_ACCOUNTS of __USER_GROUPS__,

create coordinate ${sytemCubeID} of __APPLICATION_DOMAINS__,
create group SYSTEM_DOMAINS of __APPLICATION_DOMAINS__,
add coordinate ${sytemCubeID} to SYSTEM_DOMAINS of __APPLICATION_DOMAINS__,

# ADMIN ROLE
create group ROLE_ADMIN of __TASK_ROLES__,
create group ROLE_ROOT of __TASK_ROLES__,
add coordinate ROLE_ROOT to ROLE_ADMIN of __TASK_ROLES__,

# CONSOLE
create group ROLE_CONSOLE of __TASK_ROLES__,
add coordinate ROLE_CONSOLE to ROLE_ADMIN of __TASK_ROLES__,

create coordinate TSK_CONSOLE_LOGIN of __TASK_ROLES__,
add coordinate TSK_CONSOLE_LOGIN to ROLE_CONSOLE of __TASK_ROLES__,

create coordinate TSK_CONSOLE_RUNSCRIPT of __TASK_ROLES__,
add coordinate TSK_CONSOLE_RUNSCRIPT to ROLE_CONSOLE of __TASK_ROLES__,

# CUBE
create group ROLE_CUBE_ADMIN of __TASK_ROLES__,
add coordinate ROLE_CUBE_ADMIN to ROLE_ADMIN of __TASK_ROLES__,
create group ROLE_CUBE_ROOT of __TASK_ROLES__,
add coordinate ROLE_CUBE_ROOT to ROLE_ROOT of __TASK_ROLES__,
create coordinate TSK_CRE_CUBE of __TASK_ROLES__,
create coordinate TSK_VIE_CUBE of __TASK_ROLES__,
create coordinate TSK_VIE_CUBES of __TASK_ROLES__,
create coordinate TSK_UPD_CUBE of __TASK_ROLES__,
create coordinate TSK_DEL_CUBE of __TASK_ROLES__,
add coordinate TSK_CRE_CUBE to ROLE_CUBE_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_CUBE to ROLE_CUBE_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_CUBES to ROLE_CUBE_ADMIN of __TASK_ROLES__,
add coordinate TSK_UPD_CUBE to ROLE_CUBE_ADMIN of __TASK_ROLES__,
# TSK_DEL_CUBE should be reserved to ROOT
add coordinate TSK_DEL_CUBE to ROLE_CUBE_ROOT of __TASK_ROLES__,

# DIMENSION
create group ROLE_DIMENSION_ADMIN of __TASK_ROLES__,
add coordinate ROLE_DIMENSION_ADMIN to ROLE_CUBE_ADMIN of __TASK_ROLES__,

create group ROLE_DIMENSION_ROOT of __TASK_ROLES__,
add coordinate ROLE_DIMENSION_ROOT to ROLE_CUBE_ROOT of __TASK_ROLES__,
create coordinate TSK_CRE_DIMENSION of __TASK_ROLES__,
create coordinate TSK_VIE_DIMENSION of __TASK_ROLES__,
create coordinate TSK_VIE_DIMENSIONS of __TASK_ROLES__,
create coordinate TSK_UPD_DIMENSION of __TASK_ROLES__,
create coordinate TSK_DEL_DIMENSION of __TASK_ROLES__,
add coordinate TSK_CRE_DIMENSION to ROLE_DIMENSION_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_DIMENSION to ROLE_DIMENSION_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_DIMENSIONS to ROLE_DIMENSION_ADMIN of __TASK_ROLES__,
add coordinate TSK_UPD_DIMENSION to ROLE_DIMENSION_ADMIN of __TASK_ROLES__,
# TSK_DEL_CUBE should be reserved to ROOT
add coordinate TSK_DEL_DIMENSION to ROLE_DIMENSION_ROOT of __TASK_ROLES__,

# COORDINATE
create group ROLE_COORDINATE_ADMIN of __TASK_ROLES__,
add coordinate ROLE_COORDINATE_ADMIN to ROLE_CUBE_ADMIN of __TASK_ROLES__,
create coordinate TSK_CRE_COORDINATE of __TASK_ROLES__,
create coordinate TSK_VIE_COORDINATE of __TASK_ROLES__,
create coordinate TSK_VIE_COORDINATES of __TASK_ROLES__,
create coordinate TSK_UPD_COORDINATE of __TASK_ROLES__,
create coordinate TSK_DEL_COORDINATE of __TASK_ROLES__,
add coordinate TSK_CRE_COORDINATE to ROLE_COORDINATE_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_COORDINATE to ROLE_COORDINATE_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_COORDINATES to ROLE_COORDINATE_ADMIN of __TASK_ROLES__,
add coordinate TSK_UPD_COORDINATE to ROLE_COORDINATE_ADMIN of __TASK_ROLES__,
add coordinate TSK_DEL_COORDINATE to ROLE_COORDINATE_ADMIN of __TASK_ROLES__,

# GROUP
create group ROLE_GROUP_ADMIN of __TASK_ROLES__,
add coordinate ROLE_GROUP_ADMIN to ROLE_CUBE_ADMIN of __TASK_ROLES__,
create coordinate TSK_CRE_GROUP of __TASK_ROLES__,
create coordinate TSK_VIE_GROUP of __TASK_ROLES__,
create coordinate TSK_VIE_GROUPS of __TASK_ROLES__,
create coordinate TSK_VIE_MEMBERS of __TASK_ROLES__,
create coordinate TSK_UPD_GROUP of __TASK_ROLES__,
create coordinate TSK_DEL_GROUP of __TASK_ROLES__,
add coordinate TSK_CRE_GROUP to ROLE_GROUP_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_GROUP to ROLE_GROUP_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_GROUPS to ROLE_GROUP_ADMIN of __TASK_ROLES__,
add coordinate TSK_UPD_GROUP to ROLE_GROUP_ADMIN of __TASK_ROLES__,
add coordinate TSK_DEL_GROUP to ROLE_GROUP_ADMIN of __TASK_ROLES__,

# USER
create group ROLE_USER_ADMIN of __TASK_ROLES__,
add coordinate ROLE_USER_ADMIN to ROLE_ADMIN of __TASK_ROLES__,
create group ROLE_USER_ROOT of __TASK_ROLES__,
add coordinate ROLE_USER_ROOT to ROLE_ROOT of __TASK_ROLES__,
create coordinate TSK_CRE_USER of __TASK_ROLES__,
create coordinate TSK_VIE_USER of __TASK_ROLES__,
create coordinate TSK_VIE_USERS of __TASK_ROLES__,
create coordinate TSK_UPD_USER of __TASK_ROLES__,
create coordinate TSK_DEL_USER of __TASK_ROLES__,
add coordinate TSK_CRE_USER to ROLE_USER_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_USER to ROLE_USER_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_USERS to ROLE_USER_ADMIN of __TASK_ROLES__,
add coordinate TSK_UPD_USER to ROLE_USER_ADMIN of __TASK_ROLES__,
# delete user reserved to root user
add coordinate TSK_DEL_USER to ROLE_USER_ROOT of __TASK_ROLES__,

# BASIC AUTH
create group ROLE_BASICAUTH_ADMIN of __TASK_ROLES__,
create coordinate TSK_CRE_BASICAUTH of __TASK_ROLES__,
create coordinate TSK_VIE_BASICAUTH of __TASK_ROLES__,
create coordinate TSK_VIE_BASICAUTHS of __TASK_ROLES__,
create coordinate TSK_UPD_BASICAUTH of __TASK_ROLES__,
create coordinate TSK_DEL_BASICAUTH of __TASK_ROLES__,
add coordinate TSK_CRE_BASICAUTH to ROLE_BASICAUTH_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_BASICAUTH to ROLE_BASICAUTH_ADMIN of __TASK_ROLES__,
add coordinate TSK_VIE_BASICAUTHS to ROLE_BASICAUTH_ADMIN of __TASK_ROLES__,
add coordinate TSK_UPD_BASICAUTH to ROLE_BASICAUTH_ADMIN of __TASK_ROLES__,
add coordinate TSK_DEL_BASICAUTH to ROLE_BASICAUTH_ADMIN of __TASK_ROLES__,

# PATH EVAL
create coordinate TSK_EVAL_PATH of __TASK_ROLES__,

# META
create coordinate TSK_CONSOLE_METASTMT of __TASK_ROLES__,

# GRANTS
add Access.grant for path { __TASK_ROLES__ = ROLE_ROOT , __APPLICATION_DOMAINS__ = SYSTEM_DOMAIN, __USER_GROUPS__ = ROOT } in ${sytemCubeID},
add Access.grant for path { __TASK_ROLES__ = ROLE_ADMIN , __APPLICATION_DOMAINS__ = SYSTEM_DOMAIN, __USER_GROUPS__ = ADMIN } in ${sytemCubeID},

noOp
assertions

assertTrue test exists? cube ${sytemCubeID},
assertTrue test exists? dimension __USER_GROUPS__,
assertTrue test exists? dimension __APPLICATION_DOMAINS__,
assertTrue test exists? dimension __TASK_ROLES__,

assertTrue test exists? coordinate ROOT of __USER_GROUPS__,
assertTrue test isagroup? coordinate ROOT of __USER_GROUPS__,

assertTrue test exists? coordinate ADMIN of __USER_GROUPS__,
assertTrue test isagroup? coordinate ADMIN of __USER_GROUPS__,

assertTrue test exists? coordinate root of __USER_GROUPS__,
assertTrue test exists? coordinate admin of __USER_GROUPS__,
assertTrue test exists? coordinate viewer of __USER_GROUPS__,
assertTrue test exists? coordinate remoteAdmin of __USER_GROUPS__,
assertTrue test exists? coordinate remoteViewer of __USER_GROUPS__,
assertTrue test coordinate root memberof? ROOT of __USER_GROUPS__,
assertTrue test coordinate root directmemberof? ROOT of __USER_GROUPS__,
assertTrue test coordinate root directmemberof? CONSOLE_USERS of __USER_GROUPS__,
assertTrue test coordinate ROOT memberof? ADMIN of __USER_GROUPS__,
assertTrue test coordinate root memberof? ADMIN of __USER_GROUPS__,

assertTrue test coordinate admin memberof? ADMIN of __USER_GROUPS__,
assertTrue test coordinate admin directmemberof? ADMIN of __USER_GROUPS__,
assertTrue test coordinate admin directmemberof? CONSOLE_USERS of __USER_GROUPS__,

assertTrue test coordinate viewer memberof? VIEWER of __USER_GROUPS__,
assertTrue test coordinate viewer directmemberof? VIEWER of __USER_GROUPS__,
assertTrue test coordinate viewer directmemberof? CONSOLE_USERS of __USER_GROUPS__,

assertTrue test coordinate remoteAdmin directmemberof? BASIC_ACCOUNTS of __USER_GROUPS__,
assertTrue test coordinate remoteViewer directmemberof? BASIC_ACCOUNTS of __USER_GROUPS__,
assertTrue test exists? coordinate __TESTSYSTEM__ of __APPLICATION_DOMAINS__,
assertTrue test exists? coordinate SYSTEM_DOMAINS of __APPLICATION_DOMAINS__,
assertTrue test isagroup? coordinate SYSTEM_DOMAINS of __APPLICATION_DOMAINS__,

assertTrue test exists? coordinate ROLE_ADMIN of __TASK_ROLES__,
assertTrue test isagroup? coordinate ROLE_ADMIN of __TASK_ROLES__,
assertTrue test exists? coordinate ROLE_ROOT of __TASK_ROLES__,
assertTrue test isagroup? coordinate ROLE_ROOT of __TASK_ROLES__,

assertTrue test exists? coordinate ROLE_CONSOLE of __TASK_ROLES__,
assertTrue test isagroup? coordinate ROLE_CONSOLE of __TASK_ROLES__,
assertTrue test exists? coordinate TSK_CONSOLE_RUNSCRIPT of __TASK_ROLES__,
assertTrue test coordinate TSK_CONSOLE_RUNSCRIPT memberof? ROLE_CONSOLE of __TASK_ROLES__,

assertNoop
commit.
Resulting DOT image generated with GraphViz