nvflare.security.security module

class Action[source]

Bases: object

BYOC = 'byoc'
CUSTOM_DATALIST = 'custom_datalist'
DEPLOY = 'deploy'
OPERATE = 'operate'
TRAIN = 'train'
UPLOAD = 'upload'
VIEW = 'view'
class EmptyAuthorizer[source]

Bases: Authorizer

Base class containing the authorization policy.

authorize(ctx: nvflare.fuel.sec.authz.AuthzContext) -> (object, str)[source]
evaluate_user_right_on_site(right_name: str, user_name: str, site_name: str)[source]
class FLAuthorizer[source]

Bases: Authorizer

System-wide authorization class.

Examines whether a user has certain rights on a specific site, based on the authorization.json file.

authorize(ctx: FLAuthzContext)[source]
evaluate_user_right_on_site(right_name: str, user_name: str, site_name: str)[source]

Check whether a user has a right in an org.

Superuser has all rights in all orgs.

Parameters
  • right_name – right to be evaluated

  • user_name – user whose right is being evaluated

  • site_name – the org in which the right is evaluated

Returns

A tuple of (result, error).

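result: True/False for a bool-type right; an integer for an int-type rule; None if an error occurred during evaluation. A None result signals a failed evaluation rather than an authorization decision, so callers should check error before acting on result.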

error: the error that occurred during evaluation

class FLAuthzContext(user_name: str, site_names: List[str], actions: List[str])[source]

Bases: AuthzContext

System-wide authorization context.

Holds information about the authorization, such as roles, users, sites and actions.

Parameters
  • user_name (str) – user name

  • site_names (List[str]) – all the sites to be checked

  • actions (List[str]) – associated actions

static new_authz_context(site_names: List[str], actions: List[str])[source]
class Right[source]

Bases: object

DEPLOY_ALL = 'deploy_all'
DEPLOY_SELF = 'deploy_self'
OPERATE_ALL = 'operate_all'
OPERATE_SELF = 'operate_self'
TRAIN_ALL = 'train_all'
TRAIN_SELF = 'train_self'
UPLOAD_APP = 'upload_app'
VIEW_ALL = 'view_all'
VIEW_SELF = 'view_self'
class Rule[source]

Bases: object

ALLOW_BYOC = 'allow_byoc'
ALLOW_CUSTOM_DATALIST = 'allow_custom_datalist'
action_checker_signature(user_name, site_name)[source]