```

### 4. List of permissions defined for admin operations

#### Config management permissions

- admin:ConfigUpdate

#### User management permissions

- admin:CreateUser
- admin:DeleteUser
- admin:ListUsers
- admin:EnableUser
- admin:DisableUser
- admin:GetUser

#### Service management permissions

- admin:ServerInfo
- admin:ServerUpdate
- admin:StorageInfo

		t.Fatalf("Initializing xlStorage failed with %s.", err)
	}

	// Attempt to create a volume to verify the permissions later.
	// MakeVol creates 0777.
	if err = disk.MakeVol(t.Context(), testCase.volName); err != nil {
		t.Fatalf("Creating a volume failed with %s expected to pass.", err)
	}

	// Stat to get permissions bits.
	st, err := os.Stat(path.Join(tmpPath, testCase.volName))
	if err != nil {

name: "Check markdown links"

on:
  push:
    branches:
      - master
  pull_request:
  workflow_dispatch:

permissions: {}

jobs:
  check-links:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Check links
        uses: lycheeverse/lychee-action@v2.7.0
        with:
          # excluded:

# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================

name: cffconvert

on:
  push:
    paths:
      - CITATION.cff

permissions:
  contents: read

jobs:
  validate:

name: "Check CODEOWNERS file"

on:
  push:
    branches:
      - master
  pull_request:
  workflow_dispatch:

permissions: { }

jobs:
  code-owners-validation:
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - name: Get Secrets
        uses: gradle/actions-internal/get-aws-secrets@v1

  DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
  # Enable debug for the `gradle-build-action` cache operations
  GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true

permissions: {}

jobs:
  build:
    name: "Compile All"
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: git clone
        uses: actions/checkout@v6
      - id: setup-matrix

# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================

name: OSV-Scanner Scheduled Scan

on:
  schedule:
    - cron: 0 4 * * 1

permissions:
  # Require writing security events to upload SARIF file to security tab
  security-events: write

		"Unable to use specified port",
		"Please ensure MinIO binary has 'cap_net_bind_service=+ep' permissions",
		`Use 'sudo setcap cap_net_bind_service=+ep /path/to/minio' to provide sufficient permissions`,
	)

	ErrTLSReadError = newErrFn(
		"Cannot read the TLS certificate",
		"Please check if the certificate has the proper owner and read permissions",
		"",
	)

	ErrTLSUnexpectedData = newErrFn(
		"Invalid TLS certificate",

  schedule:
    - cron: '26 3 * * 2'
  push:
    branches: [ "master" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis:
    if: github.repository == 'tensorflow/tensorflow' # Don't do this in forks
    name: Scorecards analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write

name: Check issues metadata

on:
  issues:
    types: [ opened, labeled, unlabeled, closed, reopened, milestoned, demilestoned ]

permissions: {}

jobs:
  check_issue_metadata:
    permissions:
      issues: write
    runs-on: ubuntu-latest
    steps:
      # Check that issues have proper metadata: labels and milestone
      # https://github.com/gradle/issue-management-action/blob/main/src/issue-metadata.ts