Rudder

The idea is to be able to have new roles defined from system roles (atomic permissions or plugin roles).

The general (that will be documented at the end of the implementation) would looks like:

<authentications>
  <custom-roles>
      <role name="role_a0" roles="node_read,node_write,configuration" /> <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
      <role name="role_a1" roles="role_a0" />                            <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->

      <role name="role_b0" roles="inventory" />                          <!-- node_read -->
      <role name="role_c0" roles="node" />                               <!-- node_* -->

      <role name="role_d0" roles="role_a1,role_b0" />                    <!-- node_*,config_*,parameter_*,technique_*,directive_*,rule_* -->

      <role name="inventory" roles="....." />                            <!-- empty list - already defined -->
  </custom-roles>

  <user password="..." name="user_a0" roles="node_read,node_write,configuration" /> <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
  <user password="..." name="user_a1" roles="role_a" />                             <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
  <!-- same behavior than for roles -->
</authentications>