diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py index b0d4238a0..ca6e2f642 100644 --- a/apps/authentication/api/connection_token.py +++ b/apps/authentication/api/connection_token.py @@ -218,7 +218,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView 'list': 'authentication.view_connectiontoken', 'retrieve': 'authentication.view_connectiontoken', 'create': 'authentication.add_connectiontoken', - 'expire': 'authentication.add_connectiontoken', + 'expire': 'authentication.change_connectiontoken', 'get_rdp_file': 'authentication.add_connectiontoken', 'get_client_protocol_url': 'authentication.add_connectiontoken', } diff --git a/apps/rbac/builtin.py b/apps/rbac/builtin.py index ef8de353d..4e5ffb0a6 100644 --- a/apps/rbac/builtin.py +++ b/apps/rbac/builtin.py @@ -18,11 +18,10 @@ user_perms = ( ('assets', 'asset', 'match', 'asset'), ('assets', 'systemuser', 'match', 'systemuser'), ('assets', 'node', 'match', 'node'), - ('applications', 'application', 'match', 'application'), ) system_user_perms = ( - ('authentication', 'connectiontoken', 'add,view', 'connectiontoken'), + ('authentication', 'connectiontoken', 'add,change,view', 'connectiontoken'), ('authentication', 'temptoken', 'add,change,view', 'temptoken'), ('authentication', 'accesskey', '*', '*'), ('tickets', 'ticket', 'view', 'ticket'), diff --git a/apps/rbac/const.py b/apps/rbac/const.py index bd3fd38ee..558a4a26e 100644 --- a/apps/rbac/const.py +++ b/apps/rbac/const.py @@ -22,7 +22,7 @@ exclude_permissions = ( ('common', 'setting', '*', '*'), ('authentication', 'privatetoken', '*', '*'), - ('authentication', 'connectiontoken', 'change,delete', 'connectiontoken'), + ('authentication', 'connectiontoken', 'delete', 'connectiontoken'), ('authentication', 'ssotoken', '*', '*'), ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'), ('authentication', 'temptoken', 'delete', 'temptoken'),