'permission'=>"CASE WHEN (Role.perm_add + Role.perm_modify + Role.perm_publish = 3) THEN '3' WHEN (Role.perm_add + Role.perm_modify_org = 2) THEN '2' WHEN (Role.perm_add = 1) THEN '1' ELSE '0' END",
'title'=>'Unrestricted access to any data and functionality on this instance.'
),
'perm_admin'=>array(
'id'=>'RolePermAdmin',
'text'=>'Org Admin',
'readonlyenabled'=>false,
'title'=>'Limited organisation admin - create, manage users of their own organisation'
),
'perm_sync'=>array(
'id'=>'RolePermSync',
'text'=>'Sync Actions',
'readonlyenabled'=>true,
'title'=>'Synchronisation permission, can be used to connect two MISP instances create data on behalf of other users. Make sure that the role with this permission has also access to tagging and tag editing rights.'
),
'perm_audit'=>array(
'id'=>'RolePermAudit',
'text'=>'Audit Actions',
'readonlyenabled'=>true,
'title'=>'Access to the audit logs of the user\'s organisation.'
),
'perm_auth'=>array(
'id'=>'RolePermAuth',
'text'=>'Auth key access',
'readonlyenabled'=>true,
'title'=>'Users with this permission have access to authenticating via their Auth keys, granting them access to the API.'
),
'perm_regexp_access'=>array(
'id'=>'RolePermRegexpAccess',
'text'=>'Regex Actions',
'readonlyenabled'=>false,
'title'=>'Users with this role can modify the regex rules affecting how data is fed into MISP. Make sure that caution is advised with handing out roles that include this permission, user controlled executed regexes are dangerous.'
),
'perm_tagger'=>array(
'id'=>'RolePermTagger',
'text'=>'Tagger',
'readonlyenabled'=>false,
'title'=>'Users with roles that include this permission can attach or detach existing tags to and from events/attributes.'
),
'perm_tag_editor'=>array(
'id'=>'RolePermTagEditor',
'text'=>'Tag Editor',
'readonlyenabled'=>false,
'title'=>'This permission gives users the ability to create, modify or remove tags.'
),
'perm_template'=>array(
'id'=>'RolePermTemplate',
'text'=>'Template Editor',
'readonlyenabled'=>false,
'title'=>'Create or modify templates, to be used when populating events.'
),
'perm_sharing_group'=>array(
'id'=>'RolePermSharingGroup',
'text'=>'Sharing Group Editor',
'readonlyenabled'=>false,
'title'=>'Permission to create or modify sharing groups.'
),
'perm_delegate'=>array(
'id'=>'RolePermDelegate',
'text'=>'Delegations Access',
'readonlyenabled'=>false,
'title'=>'Allow users to create delegation requests for their own org only events to trusted third parties.'
),
'perm_sighting'=>array(
'id'=>'RolePermSighting',
'text'=>'Sighting Creator',
'readonlyenabled'=>true,
'title'=>'Permits the user to push feedback on attributes into MISP by providing sightings.'
),
'perm_object_template'=>array(
'id'=>'RolePermObjectTemplate',
'text'=>'Object Template Editor',
'readonlyenabled'=>false,
'title'=>'Create or modify MISP Object templates'
),
// Urgently needed permission flag to avoid waking up next to a decapitated horse head sent by Enrico
'perm_publish_zmq'=>array(
'id'=>'RolePermPublishZmq',
'text'=>'ZMQ publisher',
'readonlyenabled'=>false,
'title'=>'Allow users to publish data to the ZMQ pubsub channel via the publish event to ZMQ button.'