From 40432b13e61f7dcec73b6da5a7c7ea8db1696b59 Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Fri, 28 Feb 2025 13:46:23 +0100 Subject: [PATCH 01/10] recreate 539 --- modules/ROOT/pages/security/tool-auth.adoc | 12 ++ modules/ROOT/pages/user-management.adoc | 165 +++++++++++++++++++-- 2 files changed, 162 insertions(+), 15 deletions(-) create mode 100644 modules/ROOT/pages/security/tool-auth.adoc diff --git a/modules/ROOT/pages/security/tool-auth.adoc b/modules/ROOT/pages/security/tool-auth.adoc new file mode 100644 index 000000000..b52fdac83 --- /dev/null +++ b/modules/ROOT/pages/security/tool-auth.adoc @@ -0,0 +1,12 @@ += Tool authentication +:description: This section describes the seamless tool authentication functionality in AuraDB. + +Organization admins can allow users in a project to seamlessly and securely connect to a project and the instances within it. + +This feature can be enabled and configured from the Org settings. + +As an Org admin, you maintain access control of all projects within the organization. +You can select which projects and instances users can connect seamlessly to and which they should be required to use username and password to connect to. +To prevent unauthorized access and allow Project admins full access control, the authentication is used in conjunction with predefined roles with varying levels of access to the database. +This means that Project admins assign roles to the users that grants them seamless connection to the project and its instances as well as certain privileges to the databases there. +See xref:user-management.adoc#roles[User management - Roles] for more information. \ No newline at end of file diff --git a/modules/ROOT/pages/user-management.adoc b/modules/ROOT/pages/user-management.adoc index 66f0a260c..b984765ee 100644 --- a/modules/ROOT/pages/user-management.adoc +++ b/modules/ROOT/pages/user-management.adoc @@ -162,22 +162,22 @@ Users within a project can be assigned one of the following roles: :check-mark: icon:check[] -.Roles +.Roles and console capabilities [opts="header",cols="3,1,1,1"] |=== -| Capability | Admin | Member | Viewer +| Capability | Viewer | Member | Admin | View users and their roles | {check-mark} | {check-mark} | {check-mark} | View and open instances | {check-mark} | {check-mark} | {check-mark} | Access the Neo4j Customer Support Portal | {check-mark} | {check-mark} | {check-mark} -| Perform all actions on instances footnote:[Actions include creating, deleting, pausing, resuming, and editing instances.] | {check-mark} | {check-mark} | -| Clone data to new and existing instances | {check-mark} | {check-mark} | -| Take on-demand snapshots | {check-mark} | {check-mark} | -| Restore from snapshots | {check-mark} | {check-mark} | -| Edit the project name | {check-mark} | | -| Invite new users to the project | {check-mark} | | -| Edit existing users' roles | {check-mark} | | -| Delete existing users from the project | {check-mark} | | -| View and edit billing information | {check-mark} | | +| Perform all actions on instances footnote:[Actions include creating, deleting, pausing, resuming, and editing instances.] | | {check-mark} | {check-mark} +| Clone data to new and existing instances | | {check-mark} | {check-mark} +| Take on-demand snapshots | | {check-mark} | {check-mark} +| Restore from snapshots | | {check-mark} | {check-mark} +| Edit the project name | | | {check-mark} +| Invite new users to the project | | | {check-mark} +| Edit existing users' roles | | | {check-mark} +| Delete existing users from the project | | | {check-mark} +| View and edit billing information | | | {check-mark} |=== [NOTE] @@ -185,6 +185,141 @@ Users within a project can be assigned one of the following roles: Each project must have at least one Project Admin, but it is also possible for projects to have multiple Project Admins. ==== +Additionally, predefined roles are assigned certain privileges on the instance level as well. + +.Roles and database privileges +[options="header", cols="3,^,^,^,^,^"] +|=== +| Privilege +| Viewer +| Member +3+| Admin + +| +| +| +| Free +| Professional +| Business Critical + +| Access to database +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| List constraints +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| Create constraints +| +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| Delete constraints +| +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| List indexes +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| Create indexes +| +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| Delete indexes +| +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| Find nodes and relationships and read their properties +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| Load external data in queries +| +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| Write to the graph +| +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| Name management for node labels, relationship types, and property names. +| +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} + +| List and end transactions for specified users on the database. +| +| +| {check-mark} +| {check-mark} +| {check-mark} +| List, create, delete, and modify users. +| +| +| +| {check-mark} +| {check-mark} +| List roles +| +| +| +| {check-mark} +| {check-mark} +| Create roles +| +| +| +| +| {check-mark} +| Assign roles +| +| +| +| {check-mark} +| {check-mark} +| Rename roles +| +| +| +| +| {check-mark} +| Remove roles +| +| +| +| {check-mark} +| {check-mark} + +| Privilege management footnote:[This includes to list, grant, and revoke privileges.] +| +| +| +| +| {check-mark} +|=== + === Inviting users As an _Admin_, to invite a new user: @@ -231,7 +366,7 @@ You can select the project(s) you have been invited to and choose to accept or d // You can also close the **Project invitation** modal without accepting or declining the invite(s) and later manually re-open the modal by selecting the **Pending invites** envelope icon in the console header. -[TIP] -==== -User management within the Aura console does not replace built-in roles or fine-grained RBAC at the database level. -==== +// [TIP] +// ==== +// User management within the Aura console does not replace built-in roles or fine-grained RBAC at the database level. +// ==== From 691ce5e58c82f73e2f21c2f29d34b09962d51d7b Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Fri, 28 Feb 2025 14:02:25 +0100 Subject: [PATCH 02/10] add tool auth to content-nav --- modules/ROOT/content-nav.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 0db201c1c..48b774ee6 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -95,6 +95,7 @@ Generic Start ** xref:security/secure-connections.adoc[Secure connections] ** xref:security/single-sign-on.adoc[Single sign-on] ** xref:security/encryption.adoc[Encryption] +** xref:security/tool-auth.adoc[Tool authentication] * xref:user-management.adoc[User management] From 90a5938a1173638ee9cc737b5a066543464a310b Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:45:36 +0100 Subject: [PATCH 03/10] address PR comments --- modules/ROOT/pages/user-management.adoc | 47 ++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 5 deletions(-) diff --git a/modules/ROOT/pages/user-management.adoc b/modules/ROOT/pages/user-management.adoc index b984765ee..0e9745b78 100644 --- a/modules/ROOT/pages/user-management.adoc +++ b/modules/ROOT/pages/user-management.adoc @@ -13,7 +13,7 @@ The following roles are available at the org level and these are assigned via in * Member :check-mark: icon:check[] -.Roles +.Roles and organization capabilities [opts="header",cols="3,1,1,1"] |=== | Capability @@ -208,60 +208,84 @@ Additionally, predefined roles are assigned certain privileges on the instance l | {check-mark} | {check-mark} | {check-mark} + +| Start and stop database +| +| +| +| +| {check-mark} + | List constraints | {check-mark} | {check-mark} | {check-mark} | {check-mark} | {check-mark} + | Create constraints | | {check-mark} | {check-mark} | {check-mark} | {check-mark} + | Delete constraints | | {check-mark} | {check-mark} | {check-mark} | {check-mark} + | List indexes | {check-mark} | {check-mark} | {check-mark} | {check-mark} | {check-mark} + | Create indexes | | {check-mark} | {check-mark} | {check-mark} | {check-mark} + | Delete indexes | | {check-mark} | {check-mark} | {check-mark} | {check-mark} + | Find nodes and relationships and read their properties | {check-mark} | {check-mark} | {check-mark} | {check-mark} | {check-mark} + | Load external data in queries | | {check-mark} | {check-mark} | {check-mark} | {check-mark} + | Write to the graph | | {check-mark} | {check-mark} | {check-mark} | {check-mark} + +| Execute procedures and functions +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} +| {check-mark} + | Name management for node labels, relationship types, and property names. | | {check-mark} @@ -275,37 +299,50 @@ Additionally, predefined roles are assigned certain privileges on the instance l | {check-mark} | {check-mark} | {check-mark} + | List, create, delete, and modify users. | | | | {check-mark} | {check-mark} -| List roles + +| Assign roles | | | | {check-mark} | {check-mark} + +| Remove roles +| +| +| +| {check-mark} +| {check-mark} + | Create roles | | | | | {check-mark} -| Assign roles + +| Delete roles +| | | | | {check-mark} -| {check-mark} + | Rename roles | | | | | {check-mark} -| Remove roles + +| List roles | | | From 8b97ffdd291c8fcb7ae1a09b8d3442a77c4d2830 Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Thu, 10 Apr 2025 14:48:31 +0200 Subject: [PATCH 04/10] updates and images --- modules/ROOT/images/tool-authentication.png | Bin 0 -> 46578 bytes modules/ROOT/pages/security/tool-auth.adoc | 21 ++- modules/ROOT/pages/user-management.adoc | 142 ++++++++++++++++---- 3 files changed, 134 insertions(+), 29 deletions(-) create mode 100644 modules/ROOT/images/tool-authentication.png diff --git a/modules/ROOT/images/tool-authentication.png b/modules/ROOT/images/tool-authentication.png new file mode 100644 index 0000000000000000000000000000000000000000..0fb5ae0d576947978603df13f2c3ffd05d9b4c00 GIT binary patch literal 46578 zcmeFYgp&mQmL*~e*H^MMhxK#&KD365CribA_^cNV1pnapms1&z$bEKP{JS}U#iW8 zh2_MBg^A=GY)#Cqj6pzt{7OuQR#H4h_51X+^~i-3ibb{f7J%*#q9B9>D#*1ABMy^0 zfDAJcGP?Vv3i2z8oT`(cNUt(gor*{;U05f>@4TFfa7g*u4miBNi>}*EZrjP!@#K*= z=G)K5k3%Vt940pfbDRn=fi^Np41(>6pON9F+t8p;$RH?0J;B3M33dH_0ie{150^I| zh<-!o(x=y2pC7NjUzPm<@kk)(Ar5&&@!3%~j7t31g>|$bG5sZ59F&q=lg)A}$+-x5 zJb=kO@eiKKUuY5XsXu?gKMJlufPe)L$NvJ!S&GK$r*(Qq=!*&}uwe*~jGI8BbLeYXY6t=@8y zN+8im+pjDkmxfaufSUtD{}?}m8C<2k+t1L!E#l}$*O6OB4+J2?1b~8bfOz%@b#wZg z`MD&Lk5AxiMNFZZXGzgYOd8b8;8Ggdk$I)3!h33Zih&GWUj8|~e%Ku73_1!j-@>`0 zYKdIZWj)`60-bgO11URgn9_mX80g@kJBe}-YI3*C& z!PGgta`<=5PIz2!+5v63uW}45FrEH{3J&U;2lQ^i=c~4XFXIj1wt{6L5ZN$j z`VREMYmAq1tk52K9@v@)UkO6{XY8dinCX!*LnV9Z1}lfp2UvF}x7+N!TTplisw12G z+V_O7dAu;XV7kG5k$rJ|!MCD61&Gk#VIClSg?I#o)TF`-kW3jh{*O!;Sz(My?5H?G!EJ$9L9-Fl%Fi>QEHR9DxZnGK z`u~Lg(YX-|!x@a*6;>CBRb-R1pfdgTNM&29REE6}jw3sfXOpuiKP8_n$Nz06!7716 z0<17mB2i*Of;~Zp3N2AOab+|-;WlwBA(~oOkwAgCET#0RbH8))$;Cov8FyZBHD(Uw!dkAYjO~x?s>{Ocyl&;sgpVB1iJpD|tD1%FhF-W3 zsKALIh6&7ESp6YwA^sr_{k$RCA%>z-`QP#vL?cC`BgKbk_sI4tht7xkDWE8bDaNEu zqzO_`rPYf@iq@pLrNt&vOc+fpCp5;PQZ%FxnX}cWyo_X6A6cdV)ok6y{`Gq51sZ1! zEjF;4TpARbDjGWV0hJjQ11j8=ZKejMZQ}{!67dI3yZa?VRYI5QD^1`` zFVnoIVh^x(TNZ0KuEXQ&RYdQTc9#+!s1xMPv+=cL7_W-I<>X+vLmCSm+urt zP$Cz3ba}l-Q-A9I5Z6Yx2)%KU1B_iq%`D6;tWTO7QW}Pwggk^^?0=<^DbLo5_=;b| z*_0+W{8)|ONvowZR2xcMFcM0IW7e#npAkGRTi5!?>|kFbZD)EFmT{V#(OS?FzgXZI z>u`3Tx_!U()d*7`)m`lxw_7PQ?i^bgd#vzNA*(XeHSegiGxik}=>1SGP%bU^(Y9`H zbGmP5Wwc!Va{mSH%WD_hQ&rcG(jO{Lu9a)68(W55n7&($llmJ`&br}{gUOOslA{uQ z)rZyHZ-E;~`}|&OF%7wv`Ex_s>2~R4=@(WH>mA)njV#>_wvxY-4k{xm2Q{~>H9O7~ zR?g}+*2LHL*E~l9$2472&XybY9KSmZo=aSg4pDEEIVd87bsynaftZ$xmPCb0TJbn9huc#dOu%?>y=34DEzuRS|l+ ze;){qiPz!t`%%s^(78WL)WdK@-%icvX>babe~Yt^ch)DtxnU>exVDT!L(!gjK4Xbz zJ#Kw=4rgiAo9D>QGhI`2j)ARvJ`2Dj@2;@-XGpO?F}S!ZbCRFeLDa+KsN%><_jUIn z^w3~x<0NHi#yQLLV;Axh?vQIGvzVbxm&bnOe)f8-VvJ5Tql!h>xnuRNe6LzsTSj|g zDWkek$F+5Hk+=AD9$^aC)b?ew!!F$Mbo9Knx&2aPqt(^5cO%O)z!Us&?xNc#=3Vbh zznAnZe|MNVdMxXRuk>SLw|R)5I4i!ht5Y>wl*fB{_|o&)^WZZ36)syoJCT>&O^02N z-_Bs#_v$75nc+oOLN^NG>wE5t*aFS1>hQ{V9J9BdwoR^qC7a{G0${SxE_8ZhoVo(tmVQ$z!C%mJT3$T8d#zNKXN%>|J4dMm;?S_ zbx^y%ItnTZi;DwGMMDQ;V;e^^Tc_X9pHINZnb%xN%}GsKip$W}nqJ??*1(wF&H8T= z5FR%!VAa~#NuS8g+RDa}%Z-=h?;c#h`d^P3NQnOK;$+E7q9!dzBy8(oOvFYHpa+of zeIX(u;&CuC;ZhJ0{Wm%A8!w5Olan161B0upE4?c-y{&^O10yFVCj)?qfr*I@*n`f| z-Ns4Zjn2lA^k0Mg*Ek}^j)o5Ac24HDHbj4ot8ZZI?8Hk#@)x83e*H^MV>k2v;bi0Z z?`Z)i$naMS10y|v;s1}!$=u}sLH1Y6zsUZc*T2~D{52StoVlB^mAZ(zHBhTS(fF9z zIC%bM^MAGckD&jeRCY9W5Vo}j5<2ny&$9fR_&*!}Pr|=hs{Id3b^zypviy&h|DgP9 z3S6=d=0I-xf9a5qk%!^`diL-BJPdy+_&*f>uhsnfDR4RYzVI;ow`uTw*)j+d0Ra&J z5f>3uasxfnhV)ZbMkBxx+))*XiMy}?J(iP*y+AaVFKGXcBG?v-T!0QCkBlCRDpw%f zCJ7OKlYL2h=&-r*YVp`1g;iEFu)(M??ez1NL8q0E;M*35$=b zyR)DGGBN}N=zkZ)$gkrow_w5l=WAffqalO*hY-MFgQ$|&{&&#-UaHou| zh?)ep@%;m#k!FM8Ff06~__H${_D9XN#X{r5F&Sq4!J#WuBT<+s66q9&+LF+Kb`HZ0 z_P}`1N+$kIce6uZR?gtdzqI@mDbSO;i-5~E9S|J;M*kCg=Qs$~{Ou`vTr>LKYxNGh z!Dz%(1-neSTtcx}s;Mf!f8=0-U#_{iO|u$@T?UWKez(OLUt7jxDoa?i*``sad0BF> z#5f#d(OHSN)#V)L{$gXe@Tor(sn}>Fu5CRYE>Euk^c737&525*Mb9Uwm)GbBz~z2Z zAnCKmhbQ?9mE56~67%ov0s-bPi^-roGGDE_X6OKuOrwf8n#deFZ0GNRWmoj{r&O`Q zW@BlGdaHhl54Y+Gb;T9JX0t=wbSg_3CClT4YBYv8@G>?#C+2V}yBL?_I4*D|$16dva{(Fm-?M!x6QOJA)`xX0Ir({jSG z8G)W`wr$IHrnu-UMKk}R+rH1W>>qi{%{uG2Yg{9SV^g4DC%HRv@ux3X~G} z3DclInB?p)EC`dyjPHaI?{daT{JuUKohP?HM>yj4XB$s7@AiaY?S>I;6|(s{N!4Nd zRWdU9-$fcNml{bvUEaP8hGR~(CB<)(Ab(w57){I$HTda28n#apOoeE38#52-Zx-&C zgxqczK^KxjKEh=s;`h}~++GA-;|2x~Y|ZryM$15+h5U!2>*WgCcgf4vW$q@)cMs8T zZnF6j?HXMM!K5&n&DNwp+7yeVj-Rw_{x%C_0tl9ROVbEKOyLMuSPn(4d=CU_wVE7K z89L2|JjrAR&8d@xa!KiQw%V$D@iR40h9nt{C@3(C+0Az&robUf58n6vWZk1|-;Zk? zM9|e{TQOE$-;FQnJi+y;!C$u-v!B|I{LioQg5k6z(%+sBwX60?AV783{P@pL?DajL zexs~*f6hQ@q*R$R=K&L4(L~=bdeYE{|902`{(hN^q6DKxBmv|DFB@Q!-UbfN&771r z9W7kC&I1KB+!fkHzox^zUmxdmec!+4x{D5tyPPc_JJ!~jj0in_hivox?y~!{jD$|NRv~3~SeY}fnh04M zxrTWNfdEYyz6E>|9XcP8ct)!~J-zGGhdGniRYm+hXLc-+nR202ahMLxh5^n+mEqZn z3ZL5}fnKLg)7cXvm(LqJm*W8~@4b?j z$3^R5iCnIbQsZd(T^}4n(CEq0jA6r#qiXtAl{S~+dP`L}LW>MDd*GnKqxnXAcj0Wi z_bZ!p7L#)36F~cpQ(Ixk7R7l1_QA8iyrb%us{*-0=aSui8i=gKE+j^lv#e z>kZ~;_?!+2s1#BH?zj8OY2k`yP&-+ZPNM%YZ8} zmB}r3^=5zeWN$+=eEh{Q;hQ~)L@Wv9SKnjuvOa5a!2k&QmB|d&@G9MI!DSKm^jjA5 z@mE5*Gqu`zIzTUQ^Qa#Be!jDN^Vr8>Cu|y(KFt9+I>_o0S>F|QcAphG9!|-hE!R>h zmnq#T)EX$|i#mr9@^>MgIIK^>)v{W4*If{69m?P*N}q-xY}L&>@aylXE>@_w;_v6L zw>m0Tgzh(zxO1ovSsyo}QC1*VYBs_L*S~A0v)B||HIQ7xru1E-@ip0ydmLa}ELByu zJN@ahPmb{OnS(7>;vylk{pcQ>&~ z=KJnu*4cNvkeI1ac=62aqp(n=G8sFyx}Gjtr!lb_t!q}4u@SDS5hy}#6= zrYKdY32IlXw<76Cw6Hs9=!O}Mi?nWswNbfkFQ^V6|i>&k5FzGq_=FUFtKZnR*H z+>f-4r<5jZF=m35x@)l~Ol>aVm7RAfdLoiFFyUyCos(juK)Ov$T_)H0mV&0$>afql zG-$VXkI`U zB9BMkoq2^94l6yy`$%hTX!7umG^C+G{|-+;LgB;XPpw*2V0$g%yG)1J?s`e_CZP9Q zs_046MDAcb)v_?~*TyfZA+X%{bbJ`8TJe%ks*Z1hnZ1?Sidy(SA8(Kls_H2}GR>}c z$*C(->rJM^&F3@(fs|t1?+@wD)>%?nJcDfz^c0F#wwTiCEG|Z2JEeN_M~`^YGTUu- zS24MFy|0ExiK^6^?#J=q(1>l@SseBTW%8XkozEs>FUFTT_~TrCm=6h5@pxnUkW4a@ z%ohiq1=8^$dPT;wNc>jzuz^i;WyX@sFz;9WNc8#^OCJ3m7o`Y6joRwJa49_>KO{2S zopKF_h1&VfHal@UH{N5zMM%@8ierodOJ^aV(8JLIB1O=-#$zgSTV0*bfMik(B#KS9 zlu%42;A%XaYv%SP(r69^Q$Z=3v~^kaomWex&d%>`WZhvi^subF3cC#{WfsjbBJWkE z(qo*^X*QauCPiadA2`z9!C}zm4EfLkGGT7@*IaBhDCkYF0HdU0QAOs8lxRaX+$*mH zCoocsL-nBG&?qdDM2;B^#l%Yi0sv%y_0QO@jUf&!_clr9qIT%m9X_l9C0U^&Z>*DTv#C$ymb0IKTz4IxSPKmg%nfL!$;k0c~tQjC|@v9Bet;fGy~N zs(#$-i&Uasj}ZmWINIU!4&~8lLKhJ9``1fN*do4gMZfLK1-D7t)`OZY7ww7b)6dvk zECZfUqZ;S*CVI5;D9i}bf=!@bfg40lci(7r3|(!omelpC9qq8rG$dZGSG8@1uSNU` ziG0K5{Swjjb$-te6x@7zn>Y%-cJk?Q%U9JcztfZShY&8i`N3~w(hJd~mu~rTHp!06 zwOC$nGj*we`8k=>rE1q!$jZpfuAK)T$DG0x@rdZevwM&Y!zSvS0*h0OJ}#G z_))>2+ZsSpCio>?OUHZvt22HHzg%qJKGu=vV63NDp`tsPeLx2B$#vn%j#PXoYnN{e3dZdmjl&wAHLT!X32nH59v&d^m_FX1~e2}HaAyz zh^#Ny8p@X@OUkD;m?w-X`eGwvxty#A11Bdj#r%*)q|LUl+Ok#TOhY}PP@lqRFx$N4 zBU!KBmQT*DC&X^E{yW}WF%hC*$&D~YD+QIG$7-z!VNhQYI)?HV{cFzybX*6}eYCHC z$1RYs99W9#I&n`Xat-SV!+a+}LA;Am0oFNdr5uA zDsd?+?4Q0VFwv5!{dCpd;*zC>c)hzguYXR73MIuLUG;)lnm$VK{iY3p7&D#MC5RQ? zTuT|2tm7fBEjCYRRwd_q@vSbR^kUR>^Yc&qGd-ME#4oJZ8DBjaM(-CVOTK=gN4Tsl zDZ&{n-Ed~ zP;TLhG5u!7#ibW_Ky+*pRS54EVY7|;B_iwTV3C&MSpg^rXbE4SLGn^WV<%HS#5Smc)*PFshL#sLahOf;tTM>r6Ic4ejNflwacz1n|=VFb=sd)9mLx@6;iy1aqE*SYRB0X|BpY`abpB56*KmkMfIV(uM zBvwWEOPCynZY{Jhs*90_8HzwN@{|6NE0pL}iU3S1g_I-)O^Z}I1bn6x>)SE4H2j8N z(R?_vXcR4JZ_D*U+yU-z7@>MjdKh5GiQ;xh2XKlJ9Li-~7L0>{OfbVj&1he?oQ`MZd84u;9<>L;38NkO@WP!rIKP1P z3iJS-|Ltr9fNTim`8)ULfL>dJAYb1mI$E1J@22~j!B2a_h)chZcP+LZfjs{S=rlgl zg@)%u3V^M4yUR@U0wd5B)6+NEp*4;A7Xc%cSy}F8O@2VYa)uFV!4idbr^iHaEL%3@ z9v)f@Ka10E zh6)W1r#;d~?cK7v=9!{OXF@q$vDAPZ6YY!F1|kJNinv+%G_w8qFb4yBvo9h!2rG5Q;p9IBQ{u=ar&pMZE4E%Q`BCwRE=1S5B7NRpNYda|4x6eM zD;-lmwZLv6uYxB&4ldc{F*j>Aas<6S@=c^0M-~WFsv!OKhyY$kAkl;e(?#gLzt^o~>GV3a=JdLFE?|19>hZxOm6C7KW*t_S8pho5;5Llq0C&T%+U&O zz2*a@9&79%nOiG?3_0S(UatKQVQGL^kTxkv@Jz%5Eun14jjPbbmdke zQB~WzX@bL_PmJF$X#oFwFymKaG28%H6srJ1GgIj_HdQc4w+Sk(7Qj~n{eV_=6-ciq zXxyK<6Vnh{U4{t$XuXnQi#0m!E}6V9T1{l9GCQ7+7st)NQWUuyWRb5hLFr&0Fs7F5 zHfOKz-3yGu7;gU9qVjSuWOFy7#P5i z=^G3e3AEHPkwg2Blk%89la73`C}ay%JM{23+NjCwF`naKsa@fty!*hI%SY(ly;mbW0iHNNkuZh)jlzgGEJxeJ8p|29hk(&BidCB)5|oM8 zM?mn4d=TLTD7RYb*4uk5em=kZ^66}L%SQ+T4dR0f+=x*CgzR&Ar^cU!O3XTS88J~p zzbzdrQO~4zbwWcbYPO{(NqukjPJfxh!zzZI%)O!T(?0aA-7fSQrC{lAEQ%2w`a-e6 z*dXs8SDG7T%93du=BWPWP(aJ_mJjXiv;e*1(k}{cAjG7r_pSkluj9t_F~MfPf|3Oo z#VCnF=-coA0{VrrF{JEmK+9Q#|7^~U5Yy{HDN*4%?;=>7dq_i;4N z*7iGeoh(=|S+2iyA`{2*3+_S>qguOth|tBZGg`ofm5B%2Od>8}%Dq3a2zUrSQA{Sq zD@liFpD*}{D-dw0A5T0){~SFOsZ5wLz0#w+7C(tjX>2mEJ^<0a6?QhajQf3Fq+)cZ z*t(IP`;4!4M^@4$mm>I}FI`D(cxhPXOlLY_HjzO$N;DErf5nz`z4(lg)Jm#$a;j{q{hf`||#PY}q=S&v|te7k8{?dWeFnveeH!xKz5& z0DBoaqHnnhEQy~os0(uup<_CzLZdScm<7Q4O%lvmSpq0ZV}KsQN*~nE3WdaCL3=ui zW!st2$E4RN;F&!_NO)+4*&DwzS9G$A7Ne|Zibna9ON2au@-soo-U2$2xvNYmPXspk zBp|5&;ucf4WDY`Ahk_V^lFQ) z&lscL^+BUBeKhl}pBPDX&`dIF_B{q)2+(EfUTLMTjJ5~R`z3?f#Cr^6Uw;PE-RrE0 z(T2bi{OLm`J+DcMH9X0Cc9xpZU1vJJJ7%_EYPNmjvO1Og8OY^}2l1+Uz7M|1C3Bmn z82=y&iW!|o6>@$%V>s-DY%B@yIV~W+d`c@vPP9)970xPcR=@f^yUUc|(oxMyZlNKd zQ_jsWZ0BM^Mjt=^>^Nnq7e{e|=j?C?-!@kq=%Qj8iLssit4AhMIL8J}pZkKtX{$+G z<^)qBdd7aWsxRrtv|>O&_}364Gh59B;KGepxFi=k2Go0S?~LgkgwQS%q_^KN?xY4u z%RQ0Ahyx*B-qow!1BJXeM{X{-4BlIF*S}-?>7&s;FJm7;-+R_Vg=!Myapwb zjkb^f4E)-&@x6M}LtUk|(q{#ge8prv-&8_ot1yh496rYS$+$qJ?ad&!N5?jbL9I3a zA~=>0E9KA|0GSxh<_KzH0H5qMRXdU(E<^aO~LC}bhF>?H7Vt%v!q z%_$m-%TjWv-~d1Lq{K{SyBr%WJCVi~2m^19YX!+Fcn_N$LviococxmT%|)-D4v~++ zvaF1;huuWCnS#7&WxBVSu|w=hxYcpr1vcs?Jzcw|)?&LykY4``^LfQPL%WRGd=_1! z-X!woho2yd5A`*+rY?-jI7O!MZJeGhNRY&I0=+@J(dz?#MdnHgTuO|dFv;X~`-HRc zr&6{0#Z?xi>`oYX#$oy_i|=f;Zgm#iZHw_(^qERobEBIuext?4P~k;6Rs>7Rk2zgh zDaIn1^aB#?Au>4eICcq}a^0Y6&e-(82z#&hV8rO3NaSaOZghrR9R z6R`DLJ|D)XSz2S#WwXd{czzssdZ(e-8H=;~gz*O(qW0>5$xaMSl88=E0=v_NZ^vp@N%ap@hl|4<$Vz0Oh~y> zZ+aMwhTeGLk1edphRGHWw1{ZRiX2oeOtB~ec{t%GeJIkCUk-nMSFxR@!24{p-NT~R zsMQ)MjA76v_$tVnr%Z();0itcfH?~hthpy-G(eBU_M1ri-4lc&yqF;>>KVBx}C`ibH+3Pv2?i79cQb>^^ z=X5qLs9Sb;z=41U4g5Iv@(HJkwh|ICN|yt^Kva= z$&}I>p+IKkRw?Q0LqmG@a{pc%7PH}#N4j{7l)-eD!+u#fG$^x_+tdz`&+iz)+=9(z z-TWb45D7G2_Fw`w zI1!Cc&kqXz=u-AZ5EgF9ib7wjR?=?=4SPIW-2aLT<;cZ2X==-HK9*|d`&*ipSeG0y zr;8nd&7zrhRr|G=!LJYf``Y$yd6LT<2|jJdKoL=vZwn&BT{ahaTdan$@@jA8TUud#izwNPSX{Vj z1gvp5Y*sl|oVxtYe)TjYq7EfXLKET^Gab7fZxM_y9-hXtBx zd~cdUHzo<0xLhwf#;k3N(75bWFu05kk@8ZElAnaGKqgT66!cNaQq@u-P2&A&Q|nWr z`@9KC7#9=;!B{u>CcIt8Q)U{>cECo{DWi?M@^3}A7PF-<7c0y6qonzVQPSNQWp?Ja z0QF3;-oWb*r+Huw@Wo?8qYsOO3EAVm%&htXe)y71N6i30VcwG!}41sMki{CFAz z2!g@5Dm>+Ykl6tIYitd!l;peuUf|1nh@~fDh&%JsIb^S|;bXFmm=T}ECNjBIOF(Be zz25N@_x5=90;YigC#1bX0LS{E>PC z*~oZm&!`k*B^dW*4un>xN6z0L9;tU7Pf%SiBK|v*Oh(H(p<)>lBu`Zv+*CURw+&!bxn>M+@h&%*<73TU;z|jO zRrFx=XGlr*8QPJQK`aI7a=mp7?)=PvzrsH@p9mQd zA`e{=FX}O&zy&p-uA2@R_zuJTW=CqzV2_VcAQRHgrb zCJDs+CFPGEiMoGsm52TdS0tk?F8)urQa}(;Nn?~z{UKx>e-mcJkOqBfkA|o(YLTA zrZ?aPPs8KVyVLoLbG1IXz!kDUI;ZnVL}G8{TC;NJ+wBzpV&{=tp8eD7Wq1DGX?sWg z&~CQxr*kXAU*MQ+ez3)LSLp-3&lxzch#bJ6Zq<8QTJyz^k~4w1d)#hl@(qDxX0_vu zcGqYPpxZ6)dK)DV=eOC&<95AhTYq&LVbbU{$sFs{(|yw5f3SPJ+$ydml+M$AxOh|> z(9h?~VKk(4gGWO_%Dn3Ge58NB9;Qn^dpzeaIXOM5-J^db9Sg>nZAfM4(z5)D1kZG` zKe}MK*!kN7RjPs&5tCl$%gJf`>6YNcyyWgfS6OX~&wEI6iofUC{MMN@yIiaO&h3(J zRd}{BO;?V}c^d>ZT=nrX<0B4n8sybi!eSRRl@hOsxvjhV_2$>Z&JWSVD?tIGZ&LQi zqor{JMC+Ymx-T?1l9mQT5#rTK)Uw#j1+MWd0 zrBB#8mJix=?DIU7^%P<}6OX5mzrR2G{J_lJzh$le9Z+1oe~(UIXLw$E_LAEEQJF1v z$H?Q&8e{ByV%uxc9*)6~|24bXh05nZ3cJ){(1HFjz!^myfVB7;%&zTwWpBZ*KeCn0 z(;wG0@QVj#Ad2VvwNBhECcOvJT~KIGfqJ!!baHc0(2WII%%5is{;m*5_mNP{{jnsM zHvHVj^_}xO9jZ8f!m_SDO|?q@Unr!aZt;1){Y+bQclE(~d${C`Z&~q+Kh7=J^@1EN z=6Zh*E2dq%Xx6OKZ*qFKVQPmZP`b+WF_3&?(j!2*#9rj_8XVSchn4K=I>1h9AeZ?g zL?o25YdGwi&v}cXFgJ96oPM7UQ}%~UJS)GfS|tzc`BvknUu}A~8SJ~uE;{eKlh9~3 zJG=4@02Ylb=eYi0rZ+HDd0C(Kt8~mZ)yY zy;n^2bKuI8#fHb~phX1SA%j8)JcB}@MAlQ3DF6S3`{?DWbLJpBn$&8;jOg7cG-1-4f-fc#$25sEV zW`={ULl3fqQP~Aopio&S!(juIn|*@b9Zt`f4US7TVQAcJU%$mfTP&7Hq=9Dex`Gb= zLJP%VuPBfEzQLf;p_KTJ$bfirGoV~6q%M(3U6@+wd?D$!T?0H)IvrifFC^(utE7x3 zP?yfy^|d>OHkD1wViF&x*uhEy=IRB;TCTX&pN=v-x0)(vqg+Dorg z<|5sCm188wVrDsCZw%%8+?708JGJ&WDJ@<%*eFtFMr;mwuPdf0rOoO2 z3or$d5QafNuqSU!!z;Uo2bTJdyVMmS31d17NwW*YW$VycS=cWYUG7mXSH<#`M&UOtlzYG1Nd)Iz_b0i^-onzBRYCWP3orDN;GXC` z%wL<@!^_d4z1`(gD82dZhgkH7D3t<_tg=pN!H}+Y3Gx|#J{qMg%8L}24O}G7yz=ws z!^uu`RjF||$wjP=V0^y*u`ishuB$L5f9L*Ry|kNo*wy>a$j zp=2_Z_3He5jSs#D@plJpvgCZqas9DKAF#;n4Nq71ixC-C-SSaGVS{9raX4GI9P7&G z6WrDQJ^0aNI!g@JW}{K8yk9{UzS}XeUxw#QC#PlGeT!P`cOBXpL|Dr@EsXao37iG) zVE;VQToU%;Wl_4)d+gm?pr;ReNSjV(6jrCt{$!Bv;vwdVRCH^_#DX9h@B;qqeC+o= z2c${$z^fXtqC<86QZ%{Rc3Sm_m%oh8@BaJ<)nK)iS}5-jT5I|&NHK%>rruFvAYlJt zvHztkeitvu-)dO4eF0=KSDVJ;Ahp>1ZJ^XbsK-(FHZ=31F0q^nli6Lb&8+lm;Fr?dt6@-B%5qilS|;*`|DWrOv2GfdPmC)AQ=dp_I9ch>{46#>=-&?WK|L zz}lZojQ3f+XZF6kRyuu_mU$Fz!X7jNg?0Mya>u@n95bm9 zW!G~rBV^8MwyP2A_Bh8;rd18e^8IjsF<8*RRHm>3LSk`I59po}d^TTcWDyrijO#_q zGJrn>jP*{Oj~E1S*xT`b(0fheQvN%iM!g2BZPvvS!}yyE?g2ey@MrSSX|V5)TijoY z+s8Wsy{yA~e94&|zNXG#v6WO?TuLTYE}Jy&Y$sDiN35;vc(o zI9s;0@Xx)>+~ex+Y$#PM)pX%;=J1WG$rsg`OL>NdQmZh(S=8+@l1X8arXxycsTjUg zm#4FPyjZ)OJ?JU$gJp&dS7;CfuoJne`SzWIo;RY)Qm6bB+_K&jg5%RJJHfoq*e-q2 zx>Q7GE&ywJ1{Z~gdr+ZEmjmMQ+yg!}=ysj#0J3nL8$yt`ip`Vf3u<7VN`TNbo=8U+ z!v|ZfS0;MmjH25^hUr&AnVbTiMHi2H1b=l%M>fw%Fnp2DVs@U+du6?Aem1y1gWb&y zPZsAFt45B6)Te;!L>g7|vFNq0{pxK>_M@@9G||=kGY!X%N=z3oxCEnJT5eFiP%riw9JN%!FHU8I zrhiCbtl#kV%0`my(d>z~QwKTp&*;>5$+DEr+fyu>*!_OPP_aQ( zI21_A(qw=Cv~|vjG3FHwOe=n*5UF^56iSFCqr~e>ZGxM>Mrn^` zoe@da_23Cggo0uwWU4OmdLZRguD42dYXwBrpyO$ri_#+e#AT0);}P6-pVO;Q7Wn`d zrEs0Zi|7S~!vyrCv^+97!Vlp>l*(3Rtk9X4wmo0T0ug{zqT^WOKPqy@Q<++Sd`Bk3 zIGj1$Xr>ic0YW<6zIKX>w-VE-G&yQ*+t5}n!V4QDNld;Qp(GxT%qMW9Kd(;lE<|H5 zYPML>&RA>}1&0L))_>-p+}$#C*RkZbrA9a-p7)ONtO%q5Z45%e)+)*WZdzuuFA#Jx zmN(p>1_hH^QA$rTsZ!3prN7;5C*Tfk4P6*D($V%$DILkh13o|1P}`C4h~{;2*td|! z-9kx;{@nz=f1=MYH_#Ad>j8SH`(1^8ce&mkkYJn&}+D78lxvSU#tZ81y z3^73hBs>;RL>^g%WjQRg`9lnWz z;AFW}rngVf(=Z6(-UK01$1osiw|XUZZ9H`vZ5D zoH=LIo1Tre7)67d<2685YOu(oasYVr99(LY)(LMGRdWaD49PKsY_ENg%z#+~ek?<& zlYUgM%2W@#Pk)Qk$5a%jrLBxja6=3X(#q#f!6Rx# z(3XI?Qa4~Erlg={1}1qcv?8;4)zS-=I;H9@?yS}yIQXqZ;KOS^nN^#{4NuT_5dvW} z-CDCulD2O1VkP_3qdOdGUXj;;K%?HK)8GW^&OLef;EB4@2nhA@#`;aT46>xgXgJeu z>snhdtQI6Ri}3|CTWt8VP^rnJ3?PII3;P%jNjS zIQ$XNKjyxT{1dySprbgUw`NWV+Rx&;ZxESV{|9Sa%?Wxus!EHRzCQ|!GRuX7fN5}P zu!1{2$G`z9B@7z6OIF$+D&H1*aL3A2ngL-kAKyEMX~7idAwg}=}8mLn!LVUp7Vb?XhH#~QqXgt zLJN>hzD267Ueiqn zPBG0k=T}+s$Ug8CxDJihJcY)S!F?Z-m|FlimRW$)gpJ3xq;IbfyLB21hH!)f5M3U& z#V^!1%BsxOQz&IIoZA$uGyYH2@ErfzScnA!9zdaF4E8g z@gaW+w9=8_iHJe(6Htw#5 zmw?We4X7svH}>gZxa9enCH||Y>$CbP4S2>~|6j7teQ*}zb;Wyd1jN?iwEC#CenikF zp~Y5)-JCl5y$IIS2b%F63#3DVQWk+vzAD{;?)p*~CjxU2TqAo77*0i;kU`RDe0UR% z*0jv+fXvt1$xWuKzbtGoL008}6kyUH1a=E@U}xsg2$-abT8D!NL!qW>!o)@^B`BDg zS#30z316NEIU%ngBbKfjMC~)pzVC4SY`<)tR#1`egQDZCzUtl9pS=||`M?@r^fOQA zE^dJdgnBVKbQR)Vl)}O~z?i_H#vPK@qF?@zL@OU*ab;xg;*<$Orj!yh1KJ}+>RU3L zGaGR3+|hD9f2-9h1f_`2ASVVOe?TCs*#pBkWYB_9V&f}D>pzSk2GyTxO_}(TqcM;J zI|MKFYlAyfW>L{?Sv;^dT})pfJH6 z8~yksu~gNk04aw;)07=GZn&f`xnz_gbuF4i|8VB3>R-rBV% zAz%7V!e;L8Byq`k<(hG8ti?1I=oldnFc$30ho8EBGEc)>=?}f|CqQg~ znfo~adKVP8Kp)kv7Ysbk!!_vfX=;pn`4q*3*DSO~vMJuA2Bk=CXF82dJM_WrL+ABo z5;^2q=FJqStNWR!tAb^&hixvr*0RYp)3Hy^_o|l4WXk7h(UCIj zkM1fEwx*H8I8J!7hwEkCxV-z?vO!Ds??vG!8_V?Jaz6nKHDWBhiK^Fn*>!cwm-#(w zPf5)iPW;4K@Fgd@f36tU6SK>DIgj-Zws#WfLh^y8`sOLcmhxB&u8O-{G!|k{1t4d0C@f7cKCB{|xgAVjTYR?( zecYaR?>!Z0*A~5L3Vw+ofUUk}gT04Z7VU-Tmg(344dz@r$t(+I!7O0(_kpKL>UAZ+ z(s#{Rs{kY8Y`%i|kpQfNF4!lrGoE<{XTc&;=A&zt%HjaDLr>v&ntuJd1x?y31T}V_H>)yg zp1VuU)O{O1AP~++c#L%6Ga&XO^pW7g1HcD-yTo%r&eqEUQedGUR*4s@s7#Gn-rZ)VduEq&6K`^bn%Fk=!fEnHNEmf?3{_ zf!9!m(c~#dD>I{XWyZ*hg6gAR_H8hi1u+5L4Nao=V<5{^@w-ey)Ha9S8z&@McV*DKam8E04(Qhx@=y@YSyo%W&mC9f!qZ{hZ#I!uSR9j7;$xE2nmKsSKM9VHatFof9PEUY@5GrQNfOqO2ZO;B$lQ+tGkIVCgtPo&e@$+WR%pKQyuCiLayO{Fu}T>P zn)1!`3OOKnv>|zwy8AUnnL(fjvi=5b%`hAW+feftK2EB`7L(8iA3yuO6WO?BJXYJ2 zD9GMWc!D$N7;eTK-3z*}0Tw~kdb|*>TPqo-!EE%_$>0I2gz-e0;ptyIwJi)l?0jrT zQah6@a#^lOHbj&R7PR$12Eaf8U95V&#Cav;hqg(#`n>b|9RbsutN4JuYX4*`^N8La znA8=Il?EZE8yTl(6oS^$>SR<{{5BRyo2Jp;0jSY~gRAAsfV@Y?2Kl}M@;-P(^q-lc z&IpgXE5h}QRnM)j2U=@4FsZJxammNTb$gTumhhkOPXspA$Y>#`u-NHI zWM^nFCd90!;?(F-v|N{TJ*uAxacFN?npS!cUKGeeY4&iWDDRlF;CtTiwvn-zlN3y@ z4AZ6oHaEbXqjwvR+<@0zdAI$gfWw8NQK*8<9@Diw9bY=IqdXsLp`y3ZT$pL z?Wn&m+p44m287aGFy=g4*ct^@2Yxt(ZsM0{^X3p=I>bI3Tv~>yGm_c))pUq9p6L4I zEY>NkQ@Y;sEO}~U|8Ctg_;%Jbw>jc~ zI_EfN`lvzCF@uW%jm2@pOA_}A*Eot@%PZdo{Qynd0f@=lXG`+vw$GK@Kn`NvLuFL+ zIz~Qu(Ykd0iSPtG#g`j#s-b3;9?HX(h1zScAhnjwWib^fadj(^ZyN&qE=keL@-;bX z8T~8q0Hx9F2n4Tr7jXM5P{kKw;JbxvP$TKaIffHvxhF#q*zjsyhJue9~ z2rA?x60xVOyMYbZ0+chu734f>IeUHGiFCvg@+1qG`LKVu0Hk#{en#=8w-z1oe$!b% zhO30tP1)#N)WAz8atNW}tKi1c>qkg6dJs0BZ40ii28Dx2LVw_Tvpwbb2z7E1u+vXk z_{5ZXY^T$Ec##od!jgp7(l)D@yugkAPPJ<}ls*q0x4fgTR)0k4 z&*=|lwCTDrn$O6jf|@TUr!A8UT&qKfr;bxPdaGDYq8@6@fOd*RmK@*TulxDjMVNEML^O3AY64)|rtvR@>EXnuceqc%|c+*XCe&C+GR zo>$B=D~J<|q8WOq^&n&FGucZ%Hl%1=EqgH@x5|^`avBb{MBMbjk5dJ601@`1Qx0X< z(bzV3v9}xc{z#iUcH+pzXR9vN?olm7ZD9a$QYNPAh4B~57c`opN~eIr%7730rCtNU zt#3vU@`cv^LGIXCh#L;@B}PtF#i|`;F4`3*zlIA4&W+x;Cnruu&Q&WxLF6eJqUYB!lPc$GAdN}c= zFp4l`Gqgo%hTE?}Fm-f5NQ~kg z-k_pm6=Rih1c1=IaPjt*y0$lywC!GD5IS!ap4PVcH}VD6v4OU_+ZcZdbqp}WE#Y(o zL=`B$E?i$xq$z4X^N67nUD_>~=p%-H*Xa>b|Hxex<4EG@r0*M&VD`EH+TlFbKh$)& zA=Bg}X;Z={tG8ECu+Wkx{*{||3YoUYwVSYD@!d-WZ=hST-IY4B@y(~H3pbQmtaG6D zU5T+@2=dNB9HT&<(YG6H>g1i?`=zbx>t~a^mHfc)&Ma-7mf}wp-EOxYjj27okB>aJ z^2m9IH+V4iJCTvq5Ez?BJ5OnxG=6A z44!2i-}j2z5#TFNe@nK>5l2zvUdF)@W=xzQ2gxwt^v=eNA6+Z~VZAI06`}71n zccCulhI=~82|4AJy;_z_W7t1V;{MH`UdCfs)7hhC;gJMB(Un`BOvZhJ9>t`VP3A zY>E_uh)Ml+YUfP7k_E zq6;l7A#T&PCWC?kkwXbq^?iLn>Vj--=l-70v$XODU>cG=&g{!N<&zmNIxhR_L|;;- z{T)>f#BVU)zmoVpK|p8#0751Q<`3EpAee{~S{UaXRTd%diu`|J4B&rb4AjHLo&V1E zgGB%Zfd+mc`;dkV+_6t{l*w5>nmvgjWO{0 z1jHD05ywOP-D(cbZ+J&NPVCj+Knn;wpqAhW#iW#fBO7La11Cymlj2nV23lprSx6y@aS?{%%#6?Kix`jE#KvZ=ePA=il%SJOy#NzgsQ& z4V?H^%0yN9w-LI2Gs$d3N%;KTs{H@8>H82Iyx*ViA$XdqeF$EfQ{P%$qidfT7Str3 z{uV6@2gXGCH4P1o1ppfIXf7Rs%-}A!MmyjsB_N)R+V1K6k*BFXSdW}qh6!~i2g^ng zf`&%?ZyRpFh-`Fz!948Nc|PbS-_8mZ5|H2Wa*GCi*U#8s!OZUIc zCJS+dE*q2dmtjCYfq2tANL{3Q=XtU84+kVklM4&t z{WOcI`yZsvZ}J^huniVK4r~XD9GZ0jR_c+i5bbYt)t_C4fCars-S`47;%ywV_zQx4 z7I>KO&->6|-GU%5*GJ&zQfxc^Vo5x7AhnfrBvC?cGGmDJh)+Ls&TB~%zVc`S3aCHbq1M9>dD{BdlVjM#dwImgN)vxUem zFUOUh2c7S2p03a1oo{!=nqsmCLjoI_o@W!|op=SV_vd_^3}jX$&=Am|rJgIT#`zD& z9r`!V=Z$5@MQ*m6TS{EEH$T34_*3MZs8pDm{mE$J^%-$Qmwx|x zud)E|(X4f)w_io)UCfk43C5m}dBx;7Qe?&;Wbs=Mes>rNiOE%6KC5L9Fs7HqgTK_8 z*75E@PA2t$)~E&E!GM3g;pR3Gb+%G+@F|XU=)LTiO-Bma z+OlG(-cl_#g{}C^g#}v09`_c=U{m=Vf92ZSDi^Hh{2GE<)Frc9zb^SGsPN>ZDJzk1 zvdC|UOMF=N?f`|)<>uqD+V1x?@&KiZ+t)h~|JnP?r~bKd}j6BOuX5i(>XY1i>0(HsH4_=v=uS=*~M`5NlYDuw-j|1Fkq(tMk+Y$E^ zE~iF|HzdQ0R61dPT<=-Xl$XwX6rP<&C>7vW&K*c)(mqVN1jL$^1*o+fv9MXLMKbR? zjk-YEf9t2lkAo3yMd*!R1R==aaZLW&!SO}P;fF@!Y5o-YlB)BD!CMa7Ovx(JvG%(_ z?BVuMsA<>6P+YvUw8LAS4v!Egrso|S+jq98D~uA^Tbz5_WF*}PFg#Xg*hp)Q#&-#O zoVHSH*Je$cc!mo*g?`Uk0IpKSoIIIMs|VtdIm_%q`#w>-a%-!Ci2W&VfaU6&B&NUF z?6E*l`zcGXNXmFDX4Z>A8b4r8SYSCLOm6io9n_iRj6)JwAc0F1CT3R~na(UrR0| zT!+)H?PnY2JX=?(0~nmT!i+C2OiK`|bVW6~oU(>A*7@9a^2|~h5lg45D9Y8IeIt%+ zg|+B3s=HeP9oe2wI^Wl_ZR3|GtGA86VY#|Ck~}$qS>P=(FDVbzl$$&hCHplXq_FFA zW+O=VxOy_4$-gq}-)Yp2Eyoq=@{l=oZHc2=`zOy&?H*HkMnjg2ZY3+WRyBhAY1BF4 zE0ruo*X);zxI?;)^hAmld~-s$it`i;67_7K^=_?`Ydok8L`eVk076md`g7=wpfmk* z;Z{z&(k3UUk*8HP4D^va>KGJ4a*ovNN3`#G16oNT-<)oxfj}~!k9!rP$E-J#8GJ`s zhRfY%ZUW8GeAcUt@1K=Cb5n8dxoZGwL|A-21H3T@597Mljd* zyyS`(KAsk&Q_J3XcYsq&h2we_HNe}6)oq7jRvuCw9aQjMAXyx|BJyQ>fKwndy5_r3 z2tE-x+WQ)34A^jYj-(7BXnied#2K< zY2CuJ^Xx5fw?3*4b2>AP=)ErDmk*%|IA;5z@3TImKelfo9XGjba}vGt zsODd1PzxjMd@bNd;}82KRZP2c>W5`2tSXh`)WtJ{^*@IsC;X+Hs6I5$^r~p1yZ=qN$TXUvV6xQDLVI$(B zB+JN7v1GAOE7wf9q|nmCsw}J1!nfngq3L}!b*vsz*PgkMi;F%D)ue|qtw#TP^mNlL z(RP#PF?UwC9XRym;x?IkB&<`6TjzJ}pz!C>)JBu*1Rm~(x00%gD+zJ7OF`e9V#{9b zI3UQTE@4zpnf}#_5sTsdMdRqc3jWag>7oDV++?8$d#0xUnAP3Zvt`U7%3>YQi0QIp zr+B&td5<8HBpUgA?2qdqcutVT9FOuDp3p?Nw+vtNj4;Ep^AuYeE`foyLUTtV=sy`?M<_rv-#e zCVjk_G0vwjLY>O>5-jMI-X21C2BD`J>Y&9ndpyqw@FZ;C(M#yL9{7{_fDX;pEjii5}9A*M>^tja7FQhzt|ztfc~(bS{xw)eRNW&)Fs6pFpfd zG(MotB}=zy(KSdPw_}fktUW-oIjg#+Hn}vr|zB~QW37i&{wcnsB zf4{`@<&AWPHqwu!xFHA5-oZBl)gM`%vT1F8EkDe%th==1?|G97L-VoP=*l+JzSu## z-;c5aS=NL@#Lrf;3GyY9!?^36X`%xu?q1}fiq_rRHf{SRBEB{0%FI=G2){x~=T&HC zterRHp^tpd%@Am5bBB^LkT&O0s=Pm2Eu8z>&O0*9rMY*vkTXgIWGejR-tmJro=z)B z{aWu}WKohjOvY|5ZT#@mQo2aGG{vv~M}3M`v0!t~&Ex`sp96QyzNB=<5jbEXz=*LI zrfeYWU|3&KpuV!^&LQL4k+Q z<|-`(Qz{#7AS?`9@ac%K?3LS|OL%#sI81D08n2K!6wFgk)SJ14#AnDp2E}+dfn%rn zRHUx%vnu_P`gI?EqEgMYQH7j>|7Re3O@0W&q=ps_)t)>iR2Uj5TBb*X41CQvce)oN zr{k74_+4FAEXBBDxLN)Wv_$=3%$UhyYfH->GvEm@DZe2wRvR~l7HeW*W}kTc5iF0z zN2+cJ2vps`278n4!tce*osk99<~@_w>3dHx$up86o84O=#Ag}tNz zgZc5wC_gb|uV81KBHLVT+Ft?@7T@A6CO%WhPIn3QjGGCw>8eiQdIt|CvFEYU-I2O7z*|Zuzu7=9eBnD0WDXJF*eKsaA*Qi2n zC6H~zB|@zGhs*8eIuV`U6Eti`DBXoRwa~>@1yPk%_OS_3sr0I5`1sT^eAe&dI9$KZ zN9=p~Ip7?@{uv3oEmhaDt6nhM=A59RM ze&)Y}@pPUAdP*xrWV1H*sxdux>RN1hDiOyn{n5Tuytkyz;E*HC4m1Rlp<77{3lvOIxUz2*g zG<|DRB>-Z83HnPnf*jXxUg^={+zk;^y*l`w=vY#?0v(o%!??04?a~kku_NUJskC_q ztzNps9HDd8w+g~bkv-(bJ=#5Rr8Aq;%&M306z~~qiKGZrn{N*n6^b#kWKw=9ENP8| zRlJy&9bFVFkmZ)Lqr$${FiwKRViWjaLt=T)AOF~gX^4x-!=R1QB7?zXi`tXUtX~=4 zVw9|40!fKG%r39(fO=lZ6VFsKdsJtmsS<7rV#D$V6@)@0&qn<+d2P;D0uy5ahcI9H zj%;Q-4dC_{-49HRvL9&^REHa4!rJ99OPHU0mOC~=$J1X_((dDm zi`=uZ5mtOTa8biOtRNPM4uh&cQZl{+r$;yv)^{nd6p4hNq7U9}x9$so&Np>6v#A=s zRJZutE5i`RUKP1;H7*|akyMIOGgwzoo}2;hFi`m8_8f9`#>@qc$vSx@d~QwAHq4|F zx3t0n;L8S8nM`Ig|3rmS=@T=LGWufckhXMBJk0=T3mD2;r3Jw;DVIm07b`b?=w1#Y>AU2(p=ev^-U$F!! zN5*A<1bFeC&TbsbpctBW&4}Ak1;UyU2I4|~YE7650UA$C_f+Q=G|fz+K&o56jMsG* z%Y9E$xJ@uArIqk)V`o}XJ}BSvp+omu7QA0qFKyA-rnCr?9NF*(g9XGDAo22F%4%xFCt*ga++k>%-^h}3-jzW25i-*Cw46&!kdaQryy84=UF zUYQAYkNPbvQu3*P6`q<#XAu6uK zyE|(Gd^L+F#R6Ep*=X1oVci@MD({Y_Di7+1YVOA7L6*YnNM|e4nW5zQvYB<{YmTcS z`?&c`L8fN$;w)6s)dN}=R!*49Azd*{`*D0YlH{Suv&$bs$_uNOcw|PBn97&>!HV{m zM=5zFZGFUb)s1TWZ0}YW&>Z?D*;F!UAn(5KC(&U*KP-|(MVY;HTd>OQeCPGH)X6v+ zT5av7g}pnOpsY85|C#l6y1+^k(Yld+rtcHjN545erjDZX^cJYUR#1K3Zm~$)V?;30 zoX$w)3wV1ATzy&2O_G;ti;C%?+tp4u*mNd>K1WY|h9(V8$$|&jOy{3v*<4CC?jPGrUJBY*e;#UA$@$Q)s6}>9=;7)m$@6! zjMSXo`|)QeEgdwCsVM?EZ`qXqhsXP;vLSyOf;`@Ba@xH9YtiaDmRNN^KNr1HO;@nOx% z7|3CgLz918_;p;Iv2vS8W)7uMs4QYOUyvYy;KaR=SqT9{#tL5bYbM4a4*bYKEEJ$| zP<)X4(9H5n?gu?Tdjt{*bTclM=13r9uLuT{9oBRyi% zoKYT#0!+~`P$$kjT5Tx4=hMs2kHPZ{c*YP0SQ|z^z_*JB$CpYfkiZjt*ys*pdw7_cES7E^c$PDX-?+D!# z2Q}?(fRPgUWmJhgBPZkcAgAK~*~42wQP8K>VKtJ~bq({|8vq*#af&NWp!7I9MEpta z14O;PkKbiHF(0`W+`u*J@Y$ZsZUmg*^-&pQrQ+2 ze4%lY7*lgM1_~S=Hx~cs^=If9NVp#tdh%gp=?jN%mgkYs?CEFF9VG%LPyjO7g{5g= zm_eyB z$zKE!`W1s5?LrQG8fKbIr=FV3^k@W_FQ;}=E&8@AZK%8xBacO|TheepuWxSLBEA`Z ziItSJBm1^?)RkD5A(KQDmnv51YJ~018HvddaU}(Ej&xxTcFjG)h8>H4f~jw*g#3D4z{BaUzcv>S%Snjv9!q;MBVatQmRP_o~4&3>dY$!Tr+rY+8Xx z2qnw`rKE!H#0OxX-mbPe=NH3XzSI&gk9!3l?BipOTVe_ zBhT>*F#0*esEb)ytj)K*z|5D4vz7d$-vnlO5>o;TWzUT1;<|1?Wt+%W+byz}oZcp( zc#0TWfv7i$FqI4HJPzHb*h++BN%w=QvxvJE0naPe2z^S?P<9u#Fpj4 zyla00tWYfTuO9%&@ExC+#+#8|oJm}&?03!AVhAV>w={CaVx zOINF%S*m~b;hy|BtMv8tH71a}WBavQOAEv29sne3dX?43@?k{D1mY+Rf( zyq>$S-o(^TW4D^R1atPYAT?jRb&rD-W2mVo{RtQD(o>10q;%#$KJ46YkQ&Id&}Eca-% zXYl(4S@tJX&7S`SZqS1O8$yE`@FEw}6{x|b{Ai%=O&y!}>96E15+_p7%o>I6JM1C7 z6jhIqo+uu{4Qa)nxnNmdu;>)3xeHju(&(t%Kkxh|@(!BWL+y3~h%5eul;B6I0^&ca z@uMkDaCF?B9us?q5l>O?%pyKRRhF?YlEba_;)c+9@ zboV=*?w<<6TbM@uO7r7sM5NKmyOKu9y}k7IP`VNH)d@s&AIMg39qi3;Y43c@lj!=4 zh)40c8j+@cpFw%^^+GazQ|UH&cPtHR1>{3)+FJj}Ij<+>horL=`>r z0wq)be2@K69SZ>D$`yKrYvpI|B7>eDVT_-alOx!3QSnqR$At2|2Vv|Pjr3L-Vnlmc3{YEZ^f9N5Ws(6>1r&J z2&ab#Hmmx1sO1x%m`vZn#cnacT%uAK$-hjc5x%W-romzmi=-(xmQ zD~ei3d-+8x_`ijQxQC#HgTozUZ9fS2JATe@J^grUWLvSE0%`{z<#de@^Z+fv-2?=xdqxoG^HDy3)g8bYeCf zRf+|s-PT?94k0#=IL^wqh~8l_D*`@txa~H6`%jL@rS@8^#rje{$?&Dj`PjRJ8<-aR zMh^S1Qe6-r{XCJ=e{6E9qETe9s4VdmWGo~)k_8MLm-=)Y)!Wub9JM*T5TL5rQmju|1!BRi%62Zs zoMdA!wAU?HiY=4ReQ*=imR7TWi48|rHk52zEZ--~&vG7h0@Ft&9k{HALPh%0zzmdV z{%~V~#TSqKtN3NqD_asb5;oVn8=1&5*N&M=^o7sP#U_?q4@fL-kZc4D><9$B0KX{3 ze}E=LF29jeSV!->D32z$DWmiwq*$XjhYAWW4>pH=Lv}MQuSmncP+I)20~CSLvLcaG zfgf)@=<&GU-UlNxZH68P!Zqj{x-l8F@;`*m{RRdU|4yxN+1n;w$Y63=E+c6i%*4$m@TSwl8NUa@%3J8oojw$i-o2)IjU+0R&Q-_LSmwN9xs zQI=FL$I9)OPrVcRz-Jr=aqpMj>KX6OM<9Rp5kF5oK8D$ChI_HWy_5HSXz-NO@r+jC zTX5NU!ChjR+WN%fywyq!E{Bi1J1pif*{e(A#A9#Zj~D_%kF5Jk)HKP2_slhpH{Gzu zYhw-sEz9wYR?-K9@eKJy`0#09vCe$yz-%x_KYu$Y$=rbWy!Amv>B-PcGwtul{YeZ# z3tobp_UUugM7hT6!L~PzwahL~D%cP5-?4c-vgwUqnkxpvA4hK;$REvaA*eK3qUw}S zb=rPNV>-V)1fN|e*@WgX!NQJqKrMJ?)OJ**8hO4$W_7Kv{W6t37Bwn|Cm$z** z2w=u$&cg_@Cr2Ry{nzEK3-%)uda%>aT#e%Fm(YrVk`ve<$9n54Hiu*46- zLKDhkw*F+PDBa>H6j8##C}O}cez=)M127yBN1Oa!cwJ-oi?T|JWVS->YXDq&K4#3W zyjxY&N!Sz7y1b7VpY2T;FZ}oCEkoS8NOS(~#!<-=PK(7BSq6v~+uhINNkkbA*q@!R ze7dN$D$KoR%9JGrWYwu1&v_>HI~QwIz`$V-n3Cf=R+=5?#JcRaRTS%R!D@(^0sb6Q z!wl@lP?-dT>~m^P&`X!E<25$ZGN$W$__;|xj-NW>sMWf-8`ixS#y5602h$%#(q%Jv zS(0CEE@jo;9yzYY)1MV;U8ris>+EFe2Zg~%`TunxNqOabPJ2hu_4ltw&T(3g46H|@ zs)WFtf+6d=+8;HV3+tEu%aJ8dPGgw#N8@sbbXhp6l%)*lu{8HCn2H zHV#<6E5bpPQP_sLUJll0LF{7tR=6+FV7Rj$7~H;!cS-W19B2ruDIr;xfAZL8@Ih2q zVx`Kr?pkIxkaG8cc-!>+;Tzl*P|`)PONGNHP(ad4)MSI&|}xd1xesL2V-KOE}A_CkwDQX>$g;Bd5k zJob_!^I)q|yr`yu%jIgib&7l`&Q%N{rn$;Y)nH?hV*j2+J8@s z2MkBvz4+6pugsRnOXv;24ZsK(pj()LS)!{{Lirc7@m<0yIyV`vcwS8Gr2tPHB@H5J zJH9nn3TwkDU6;0KuvJ>9JB;>3*ZGQQU&OvOdD8TsemN|~aOIR_D}fv~p7wFKCYBMB zoU7h&J9ybP`Ce?}9&YCCvWdOIuNz#US)F7vYy?{XtUlHBK2b+HsAy*@?Rd5_+q1Y7 zDX|+W_H|cAUwZC(&h2Eo8%F+91@*7G+#NHI@MF30?o8hKz=$NRcAUI*2dsH($^Q&^ zhs?jm8%%-JQ(A*l#l2aH-J@0#gN9K1)2!6TI9@Vs;4nY>k-<_XDN10B(*&bZ2s;Ep z6g&-bA!NpMp*-F`{!;OA?+x#%>dN497ie+t82?$bX=&85AfC?Uujzoow=nynUh3En z_f9`t+N?|R@6`kp1)99e-vRj{apEHVBeUI@*{*)7+=a`U7&;AFe7G6$ns&V^ywAr; ztg5Kem|@Z3lwD8t13Jw%Z3gRJFz&YDNRtxvW{^(4i{VUk z*8fldwAGYYoB0Ne%!FQiq$(vvq4oF_Xdit@y`w(X2A`+ges<-NJK?TwLG57U^}%BM zt0U$MwYv7Lq>=OtLvpu^X+4hKrV98jqE@?u3cg-hVn`XIp&p@lBD)h)S}6I=A>=L1 zft-1=?F@=v1}t5^Y@)ALhw)ChcT5`mB&(W{@(^|dJ?&*{J+ zrKhESDVx!RuU8t;8`YW441o$i&sp%95fiF2Iqq@P9iLoxsBG~_AH{)%a-q0IaagRO zZW5|b#$O`BM1lOiUPNIYs3Z%nl5R9z+;ZCb##m?V&|Pe#gZwoL^fVqlj`0HJ!F8$F zJjA*^D61Ae6!*(eDUjA9SKRIPxP(!)XKSKvYyr^w=3M0V5{__RWP4L5JUu=4$CZL+ zK#uD-2fP|CKB31JR79mO?=S5HHWH3i2w|}Z4_o(jFV^4fBM~5;(LV?vi^5#PtH7yf z;%P+&2GQf=aN1i~8++i-M!NNx(r0Ua#pzTTRb$Hd^dHZ!q_}u6#|%yfW(uFgGq
~}wfF(V`Q9aMek8K?f5Sc26b zbnf@PoWCa6Jv-uf_i7dFHq5 zb25JUlXkn_jOc$k)c>!d{G>s8eCPOdf2$e}?Ih#qqKWq0FG0sZpcDSJiWBY67OXyj zw8N|(7Vp@|<9!kUb@q5KDtsDr`L6+fe;|SYJ&-<-ktG`s-O97yeN5-cI3hg$v-3pW zNDx^Z`jr0`bb`4r9UNU0#@$*yrRZ+J^Jh0nby2*={MP)=ZoXYLQGOkK(XnD+(1!M} zE;I_h{dfQV{nG>tsc#~AA~i$GgW=nif&W}fhE^uk`1_-b9w|LN)7Cyp=R$^EKtn^X z`yc)BK9B?nJ=zc|(;|=aUzqm6+96Rw%k{>L^hn%qoFBe+?fe-^5hQ_Zii0=G^p{a- zz&yByAuwjU0~ccHQI(~l=|jrHZ8HBDH!p~`X#TthG}mqZMT$S#1Vyn1j@<$>_Fn8C zqx1j=8lsn(Y=#i`hlnnqkLigTB+35aO&csgZ*n&(;gtJRrYP`__|X8~Kb*;H94U+P zF1dJ*|37o&Urve#^e_kEfX6?L%qs-c$G9K`oa_$={eMkK@1zJBC+hd1SPI+wGahFk zy+4ruV?=SbhTu;-5(25}3p)G4QAL4u8i}g)`a|O6pWEfA6wH+4-(K(Wn;qZ1`+`w5 z^adly-rnA#XVH%TG+IyrL|J?rc+k^k|>nMH$ zWUv2Dw*|JZ$rm#>Rezeudjk0XF3c;HgCaI2=|%*9cpM0f6ARE`tupZM!vE+Vkp#3H znkbAByWpR0JPP#Kc4vnLjz2o+O-alzk4KiY2>pjtFAh|oAMY&!*8l8Bjvt7KO`NXL zr#~He4fs;AkZK(0{?Fd@TXql%aHW;^Ne=&Wx%mH5v@a}1xo7fce`um1kd@DN=YYxi zvd8&@hX)CeAV2O%iAFL2?l2AWF1i+xfII5-*)wKdTapA=ed0D+-Y)5XbV1?;1Fl0K z*YmS=>@TO##WT1~4=7eg{D}zI9CF&0voatOXvsa~+GS7zs_f>q)tb%1Z;n@aG<%$Y z-1}FL`!x6swhtEq!I%sgz1M3FTQ85-z+#(*RNsoC%2caImRm5*Jh|+TXn_TUW2qF$ zfy{65LUgFnBfklvFZdB!&?nh&cCDQW5}E8Z?Mu-UCG=m3P!py z3qcf=8licr0Eg@AWfI^tz!v)4xn1A$us53OBYStU7+w*$@OHOs6~pW90({>U53(Ei zy+Lw=R-*M=C!5R{h$M-^mNJ+1Ba2I?uqG_ke;3L7sEsQFMu>=qG)AMP<8Zpf*6gtz zaO^`X0BleRf}9ezn&#Nr1b=|7ihle|o}zAA<{C(gN%On7VExF^td3J3+3EY6RV-~% zC%=PRBhQRO)MA?&?4!X2g#xgmX`rEIx@!BAWHPsN2)E0Pm~y!~l~vniK&fQg+sjtJ zq`_EPbB*2pJ;C8IF!8fHQ>+-nVk{FmGbr)a3ejepjgQBr*(~K3fH&_nhuznJ-ed}_ zjipqgQb{ZtfyXBMyJqbEXd36Qk>z&RMpm<%3^ZC*F)(mR$ySHc-K*VSdyl}-?rG6kZv4_g6`0R+Q);>DVk;Cp4(!vh2e$jeab>4L zUr@9{y_r3*sB4(p%_K;(^`?)Fy47G9cIn_Pu>NcEBarPj5eAi9qFmjcHI&!=Y4~uu zaP)crVTFFF@jPoq1S}8G>uA^;06#z_(0<;2@6Ef`;U0Jfj>QP{Ehj#2-{B+NHHc6f z;VB^bR-EKKMyf2Za5Ra6VVusF?{l=K(*^PB`ZWyd(0U+naBy(~zK||qyNk8^d5VK$ z1f>jIDmS|+l@OT+DQya9@2OSi>zx!x)^p>)8f5l~L@mHsK!yY?{dhkqy9VURkB$B$ zI+Xt9{U?wJxbPP~x09TDgE?Iyy;j20?Xe`ntqYvqi7z5fs?amA@3XOorpZk10kj$| zQhJp4VL(|!GsV+!`7IG;TD8h3WD=zFl{$&CeE8JB!mqW?bZ_9>>d@oB0@*at*pw!< zqLCRuB0;8FO_MK@N*cb9@CnO}mXfn(O1nElu~Wbbnw-`fi4!5m+>Xma&C`YB(0<2= zd?#^%h=fPS#8;P$)ws=AkkGZf*(Kae~5D-cRabbaP{`P7%=aadK zZoukdEmB7_#c_l-RaStlzF<R-yp_KRL>&I0jU42y6Z>l zd|$)ar(paq4em^pyd5sLDS6VVW2Mhnb7R1YsbA}j3IzX8dtV(@RoAa8B@G)Sr9(QE z5)`Bn1SF(8M5H^UyOETTMv=}_x8#|;-{<@C-Er@@=if8NaroC_tg+{s zYtFfTPt5sfa5`vQ0n0khz+NXSq8hj5l=rLomKJFxOa5R;1OkGjrLbBdok!F}m3dC! z-cRm@c!BN0uDvfxbo78CtFOMts36nq;bywrHxMsb)zX*#NN(CoD6fJ*KW4^T#AeuN zpMcq9;<&iNd{_$XT1pp24d>bCv(zXpO2>Ab1|L|fk`9FQ#G8!rfJ1@@68@5B^OAC6 z@sA!-*Mokgfkaurz4AMcA)0mj4$xD!#EAR6<4nu88w&4SB~iJf$FzcRE(_J#?EaeEvVx4ch(wl59v9<#_|sBK_YgoAho92M^_+PUM?7i0>$P52nA&Z(IGQM zm|LaVC$M=mm)Ix@q2!gp9gwAliKTdq-dA*KKT7P8r|?nWIV_=&8k{++9F(Ql$@TSx z@^6r*J3`K?R+QV!@7E%3*w;oj0eDI|U&KHVA^DllhF=#ND!kBu;egT4YcVq9U_}xB zNSFzgf!6{Kw|Qo$0kXSmkM^0S_$6#F-JuC;`Nb1_``J}=F_R>c{_D-T{Y|S<5_A&RO@fu&^wvVKQ z5iqmaEp(4+28JWAT0H}y0O~~=N@*u688rGxiL4-!8un8J1e7G3wH!>?^dL8@KsG}Z z5cmVYao|reM^5k}&|$gH@XTKn!l_%Y;eNDEn*DZ?{H7Sorb0lQ zSAd3pJ1jkh9XioOqRo+VZ?i-Ax*3_6z7{Q~RJ3yF)XIqX;8F>z&Kyv$W6ilqO@)JD zP~2(YaG4qP&aDS0Z4t=J+#6{1gtYX+iK)~{#(J-4qO{L3@@bAUAwxL=( zW6x;+(R!6Uj=QXt^$#gflSLK(*Gf&B`{CJugeTy%)OWw}ygtMiTTrN@m_TtKkJ<@r!xvc${z5 zyoQ3MGr?-2I`zWq_mVmk!Y$)1k{qbF?K9UEURu;pa#jH%fqhfyh%`BM1oXW#*z}uq z#^5hKIY;w#wPW*Zg5wzERkxj9ISOYh6>CAYq*#sn!U%gGyzWaHYI=uT$yzdwEZx}F z>1xPhQLvn;KjWqKC=*}ZqeQ1Jd&1&ZMWDygsNf|yZfmvt^|?}=afrS+R*seNi~w=M zWoTcuk<{y@>#lmRC~es*A+Z$}YuCUz2q163WGf?ONw);=JzE!j_Y50x50;^B2_r$R zR${+!tmYkXeMOv-p4iE`sOdkL6cwmu0?W7DkoNq%qx znceUCP)qH{Q%mXYv|PiMuzR?Y`jQ`!H3*`7;aAkHM?TLMyJ*93Tm4}OrOb`@a_!M( z7B^{2ssOR6zINGf25HaEP;n_?Wri6AT-l`YpK5)G3d-Khv!~nbc>ju@?n~j-u3Lt_ zB$}L+^a0afMXj?PCSxmRztV5YUZB&jypG$P^Uy@5bXu*sctHH(YOjY%mYyR486AIB z(!UlLj9}I1fiJlZD^Yyilyo!oPJCD31J$c-(`35eCOo-ruoOr}OTw;IB~zN!<}y9q z^bUHb+aIC3#%4yCIX^;vwMFQgral5xD6<;NSsru!mPcHIdaC$3 z7Xe8a?&rEa`S?skc>mqedU5)3Ghdji$ve59!&hITMLuGk13FvPdQ5r<;W9{1Mm8L<~qXCA)Md+d0g}7v22oLh(ex1 z8Wv4heL7L%`j#7$r9aimMga9l#+ajILoHOPXBQYhns_1@BDa~ zVk?A+=-r@|hcwnXTG*^AJh=qb&Z)$Z!lKH@);pzq3qt5C2>4ypo^(F8RY+vh4Dq1r zAf(b5;I};0s+-{%y_yQCjF#L~N~X3?LpRFdWV%Oz%-t<6SI%9?Srg)U3N;+`%+D<& zeP~kV?B6=i$wtnqQ(IPLH6gV=T3DF=*5a)Q=aXM^3>X&dSK^8(Jeo7eyY*_GStSw!dS)!Vsee4j#+W-^|Sg=(MC2qH& z(*#;^Y5zE8abt{np_)AOj&-P(tAO0@!SJp{s)%=Ur#ev-gS?f#;{7oL?Q$cOWFeQ5 z7wUL|?+wa*eR`1YTr|G_u>!#61{xui^A-bC6>M-JX>C-=i>k-EB2n9=la5+NO#*B2 z+ZNl(JAc*1DXof(9HC#1o?@Q!yYaNQWj#;fN#+A9JxWa^ zC@&|99Ln{O`1A|9f_G8)yg<@f2P&MFg#sABxyUMCZ18lPLr^AZX92(u`LU~U=yx60z-t{G2pO{MahXB!9+5RHB9ao| zt$oqTO=*O0*wh_KmLtiemmEpLtrKk0p+cU%8;nJo?H!1g)p?)ax`60c*URfK6yYMl zX?Aw=!-}YdlJ_$Yd#wQ*^S}is;G`&727@z5&zQq^;tz0mi04@)!@gQ(@lBi z=G~8PbpIX3J9t>!5y*xSWfn0@e1<=s(chhPC<{WM3X#^hGxZ!z1RW1qDPV`8!`85g z&#*naH(up>)i6-6af61_Kz z=>I|kpO!*&R@_5eWESCz+y@T#7@>8$u9Y!;+_x^c9%ewYqhFVcrT;0SX|^BTgYNq2 zlYmRf#|pqT9pt4>QSg?uLFb-}2YVHG1PeR4F@Id%y2qB1rD=rr^eZke1oES+X{T5d1)Mzpw=6YYppjYfBWwnVm@Tgf*$}x1oy+^x9ccHS3_g# zClS_h#4>5bade^aFFbbMnKrkYeod84FgIiC&=!dbH?r`{fCplFuNLu`52fT8xapS} zG&j4^*$2~wqXlpayViHJ%A9l0x&AE6Ix~j$C1KkIBg?e1qBD_&{tkBz;tFEwM*XH) zg|0&uGg4t%2>D-CykRDb6QQsEI6c?~Rg;W*nWrag8D ziW1;KmX;3tUP`c}5woc87ZD94p%18^zkCyvkF7z^*EMJg&~0>-48@;VMKUbDoR=hQH`$bMs}X&A z&zYB>U;2SoX#yTP+7}q!W^oTW+AFqedZ<#0$zZl4V)A34R(`Q^kuS- z-_4Awi73+;&ojWxYBASobMshf+ecF(jS0|b0;X*&Lx~WXv@G3lNjO&k3DNEkn1m!H z(c^hzlF-cwkIzMCaN&89=9Z+E5PDmMBrae1DfrpPJy9w@;yOl`Gn=nk8KqmOC{u}8 zYx<^(Euiu^Z2&o-w6$58mEWP0j5k+k4-uaTyhc;-`a)11B z{%%_2=JBq(?e?VGxH^uSi!^+8_b6Q*uvHfy{vu3MqI9gZ!lx)O=~w5kc4VTkw$CT( zwfTE*_$*umU<#i0Pks6?QR|c+{TYd(22>k|CA=JyEc6*xhuCD3C_2Wxx5E&S4gVif zp%0^Exw=%wuHNB)ihz#vfCQ&7OSq+00(-$dAUAT&85!QD%U5N92q@Uk@{g_NMs8#P ze79kHSNlI~^fSc47(kahetZ=bdYhPk0XX=MfbhWE0#P;{_@PySLh^gJIQVBtfWi+( zC&s)jSxHEP9~!h%`)h6e(=1;uATZ(F;~-+Vr6q+#fgj3QD6;?K3i!(dWJn91lR<~= z#VuI?LIK21=^o9cq}ybF`;FN7qE;j6cH;%{fmRw-3HuNIA|MnzXOe9>*X_nT(nB6S zyh}*nDD<$vH0^e`&_kG!X(b6571Mc?1$$+0_k&C;_3U$Twkbxeg2~w1LLJ+UP?zS8 z^YK<=TB)BYS-zhIbo(DASf?ut&41g~K+&lQx?5Q2h+N>-v-yaEo2lE_Z(kY!9drCEf2H;I<6wcC@1k4ZzT}Yz z#OeWsr>F|IUVs4*4f$mLw(Zi+$`#+efv_zjr?4xGT?iA zl#qa%vGMB7TgEMt=@mn*8Taw1HH4~p^NAKFUb?&FaXGic1dael-p1&>`BO?Qspf{c zo@zLe=?WvXEb+X$sJr3wL4|J?XY;hxtxtQh)~@&$-+B6Kj(lJi`4g`T4WrHw8g66v z?UwdBhn2r)ef4wQkM7?Pe9U@{xvC|ql0ZN) zR_RU?9@l|HAsu2GW1%t8y6rE<0qx*hBpJV>JQ<(mdr;g4p1ECLc5`ThEQQ2npJ1ea zjF8uN|E08`v1zjPA%n*_3UWN&e7rVNUdiv+^%-}eNAbNwOGX?v8N3%)#DfvAQnANd zLP@4Ti77?4;QqBYqZjS!^dU}fNg%XGd?I_1Mf6?V1{?Ao*<+cS)y{7v{QpUPag z_Eh(7;u3>=iY&m=COgwp6*e=J`I?2FtKJOCT2D8c!xsvoU$@zAXYNcj9KEl3*z{nc z+LLw0t3gw{7)T?ZEdXcK=y83ClR9v`rG2AveeiHQsI}x355kJ2m9+o8oVxoov(C~7 zclG`Ih7w9okh-0<;A~;+1U%xgut|^NnE@IF%4Byv~`gl9vd` zh2B$){py)<36@$-A25UqJJ$|k+UbglISoI89Oi9eps_xQmLSBl}#;S zJdoa0buRk-KGbCRvrXSdxx?wM;o6U^9ApBPB4jf;?oNh&P$@~BLqItL2^KURNY~YS zx5fLb!6rjEDD!*rqdYmP2>`QX!C=*c<8KnhFe*~I0dc~K^0ZaaWqc+FACkz|f`;{9UmPSfYX) zF9)TyEJnckntN%b&>$_lSAI@zQA=4l{Z@V!p=^# z_#@Hx_php6e-2Lr>If$g-uUHo1-wPanw+-;FWR5 ze|S(y3OGTEwO=_Oenn%h3|QC+*)KAUTKf>Ns_C4uMA;Uiu@~z$sA<0!Ii2+csm0*n z`l9*i)9zMs zH$s@m%*rnw{9t_X(Ln3-)EXV76o^@51q=G16M^!9qqL^qAfraJ+4qzOJ0qo>Q}O3_ zhrTG~#4mv}sAP=yCY+#|+c$CzigO*b@GI0}Y%xypE~~Y!=?(FCe}jsRsYt&iJu>0v zD=Gseg?Ofz^3E{uFxp`oC`OM@9U;Y-CSGD>GnY$qPE6)(P zc+_4;I&4Ow3EVKcOInc4Va&aE`hggginx@M{E~&2bw8r!>}}7Ftsda}2XesZRftxb z&K1_X9D*?0f!>{KJC_X$T#(LJ&5w0hDe1uv%K)RSiAj zIFt8D;M8INK{<`45mzZpvJ}f?=&_;p-tOz)wT=(*z07k70Y*lZ&oBH!kP#3ND%?ju z_=TXbs(Z~AWq^QF3 z1N_ye7s<-j%-j~IgZGc<;_vs@rIuxKYgXhUViv|gzR^ThM3MQC{DypBPO#`s9yW6< z2Ray2jE+X=KvexxwnHR;43_@AY{_s(QkS#U2qc{syLR1c#WmBabMT7Q;|LMW3X{LpG@scuWjSB-;4PGdZ%VFehM8~5cRDTJc54&mZ( z))Swr%kysl%~HVc#sD##m&MD9GheqM@yZZYgR3Lfe(`I`!d3hIxAYopiXR2CaOWy9 zGvecd4^N`2hyilO~t?qYcfG;C+@43^ZKMm=l zWkYUSjn_xym5)aVD{TZeca-xK0>%F> zKoB??0TAd%*Qz&3KHQ#?)_$PW1@?`+3aL~#>@(nQDx5zsDksD*D%^YZrF5YuYQvaq zy*<03jQ+I$hA^8ang+ zc(+jU7mbJLH`*;+qX#hd)6@<30Fe`|yroEK9wL*L`KuQiT(zFP>2IWpZ zN_3n&af0=fFv01w0T3+C*)J{;4UT(z%UV6^gowx9ns1r>u-*nPQgUXyHY90PTwNoh zy)pZ@f6wOxvMZ|;QFDDtSDC-&mH> zjaYsguclcn#!uDcM^-`Fpk`$yvk4jR@!EEOa}X(jFxO(d{uD+H(b7b4IK1n|Bp(RmI^ zYQrFMaS2Q|zJRV8$F+)e;)5`BuWi@8?7+{g;yF^0@h>TJB`$fGvppg)^ULfsY*8)V zO;lU;an!CG*V!*QM$Cbz-gS3Kiq*)M7}x{4pZig#9R`DqZgLc{*h(S{3P}cV+^9H4 zMOFBMjniRh!K=b`*WO2F&HG(ab4aLOi2`=>GEpBN_gO?zsC%BOjbdlnP_1>;rvC#( zc4%kw0v0h9o!90+vBHc}c*I`ye|)NMU!cBty0%=FOXa++RBos!b6(BfVXqkgqYYvg zR>RDJiZ#~PV9=3w$YSsZhtPLQ{NWrRf;fY?MONAa9Ya{GtVGp;{Dv`x=f_*Q5or$y zpKvJ@dY5~WmC@&T(y;_yx{)^wOG|vWT@;BBZVl|vB%2M9bdfrY{&6mI7XbBX|>u!CIe2F@b1&6TK7>{h5hJ#->**6l{r|j`TII#3Ctkl76*m< z%#c&oj$BDJ!aa`uIeE7AA{jdERI}9rd38uD1Wz^pR*pJ7lxJ zlLb~gEG_LvGG=^HGJdBg1PC<7GpGSUh5Dr>&M0ke|IEW3P)#Np88o==Raj0|X-1Jh zy~~M`ht6>ic;80+1jK{X%N^46I^%Am*K2dc^eTdP#Y|U<0}!FxMpeif@)PE;rXf$- zA@qt{I2HifG5|8GTW2}`04e~leQa(}>vy-6FMqFtpq5|*;E|oH_Rl7gztCvv4H|Wr ze*E?}^uz?X8WU^#KY%&|xHj|AB`W1lxeUsaRxyB=5&au(KSJ|!aE*T@E$236@xM*{ zmtFGozu$|k3)up|n(ubJnQSw(_#f{PxHS(M9P{#GfoXJ7z;1DGf${(D3C|LGn(%}p z>>e=RMpHgLR=w8vvpeEn%?Y6X$A8YM#`YW{k`Ao1Gygx^IB*rRabH|8MLgw|D*|Nl zpF&mU8PMH>fWiFGWdB`OEF)_b9ONUrEKXmd;xj5(0vA-`>G`{U((!Sef4zU2kUp!&?mdLSWGT_jb1%8bugEBDpmi>^glnWZFLNFGJh~ z@23jTOL{{bJsKrvx;@|Mz{RMqT(=$Tt!99AI`30;$h Date: Thu, 10 Apr 2025 15:05:12 +0200 Subject: [PATCH 05/10] typo --- modules/ROOT/pages/user-management.adoc | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/ROOT/pages/user-management.adoc b/modules/ROOT/pages/user-management.adoc index cecf04eaa..87f2aeb51 100644 --- a/modules/ROOT/pages/user-management.adoc +++ b/modules/ROOT/pages/user-management.adoc @@ -292,7 +292,6 @@ The predefined roles are assigned the following privileges on the instance level | List constraints | -| | {check-mark} | {check-mark} | {check-mark} From 36fb22d834df2cbea3a9722fc4217dc1c09f487d Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Fri, 11 Apr 2025 10:57:28 +0200 Subject: [PATCH 06/10] add metrics reader --- modules/ROOT/pages/user-management.adoc | 26 +++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/user-management.adoc b/modules/ROOT/pages/user-management.adoc index 87f2aeb51..b9f3fa680 100644 --- a/modules/ROOT/pages/user-management.adoc +++ b/modules/ROOT/pages/user-management.adoc @@ -159,9 +159,18 @@ Users within a project can be assigned one of the following roles: * _Data Viewer_ * _Project Viewer_ +* _Metrics Reader_ * _Project Member_ * _Project Admin_ -* _Metrics Reader_ + +==== Metrics reader role + +The `metrics reader` role can be assigned to any user or service account. +It has the same permissions as the `project viewer` role, but with some extra permissions specifically for reading metrics via an API endpoint. +The role allows access to metrics for all instances in a project. +Accessing metric endpoints requires xref:/api/authentication.adoc[Aura API Credentials] and the `metrics reader` role enables the creation of these credentials. + +The `metrics reader` role can view and open instances in the console, however, login to the instance is required to interact with it, with access to Explore and Query defined by the instance’s RBAC settings. [NOTE] ==== @@ -171,11 +180,12 @@ Each project must have at least one Project Admin, but it is also possible for p :check-mark: icon:check[] .Roles and console capabilities -[opts="header",cols="3,1,1,1,1"] +[opts="header",cols="3,1,1,1,1,1"] |=== | Capability | Viewer | Data Viewer +| Metrics reader | Member | Admin @@ -184,40 +194,47 @@ Each project must have at least one Project Admin, but it is also possible for p | {check-mark} | {check-mark} | {check-mark} +| {check-mark} | View and open instances | {check-mark} | {check-mark} | {check-mark} | {check-mark} +| {check-mark} | Access the Neo4j Customer Support Portal | {check-mark} | {check-mark} | {check-mark} | {check-mark} +| {check-mark} | Perform all actions on instances footnote:[Actions include creating, deleting, pausing, resuming, and editing instances.] | | +| | {check-mark} | {check-mark} | Clone data to new and existing instances | | +| | {check-mark} | {check-mark} | Take on-demand snapshots | | +| | {check-mark} | {check-mark} | Restore from snapshots | | +| | {check-mark} | {check-mark} @@ -225,30 +242,35 @@ Each project must have at least one Project Admin, but it is also possible for p | | | +| | {check-mark} | Invite new users to the project | | | +| | {check-mark} | Edit existing users' roles | | | +| | {check-mark} | Delete existing users from the project | | | +| | {check-mark} | View and edit billing information | | | +| | {check-mark} |=== From ad9b04d74d14d817b8ff31b8aa3123af47b5ccc8 Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Fri, 11 Apr 2025 14:46:26 +0200 Subject: [PATCH 07/10] typo --- modules/ROOT/pages/user-management.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/user-management.adoc b/modules/ROOT/pages/user-management.adoc index b9f3fa680..483e95e9e 100644 --- a/modules/ROOT/pages/user-management.adoc +++ b/modules/ROOT/pages/user-management.adoc @@ -275,7 +275,7 @@ Each project must have at least one Project Admin, but it is also possible for p |=== -Users within a project can access instances seamlessly with their console role xref:security/tool-auth.adoc[Tool authentication with Aura user] is enabled. +Users within a project can access instances seamlessly with their console role if xref:security/tool-auth.adoc[Tool authentication with Aura user] is enabled. When enabled, a user connects seamlessly with a predefined database role that matches their console role, i.e. their project-level role. The predefined roles are assigned the following privileges on the instance level: From 654c6eb2b3a6f082104012d0f72920bd1b4baf31 Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Mon, 14 Apr 2025 12:30:20 +0200 Subject: [PATCH 08/10] update content nav --- modules/ROOT/content-nav.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index a5b4c6168..711490b00 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -107,7 +107,7 @@ Generic Start ** xref:security/secure-connections.adoc[Secure connections] ** xref:security/single-sign-on.adoc[Single sign-on] ** xref:security/encryption.adoc[Encryption] -** xref:security/tool-auth.adoc[Tool authentication] +** xref:security/tool-auth.adoc[Tool authentication with Aura user] * xref:user-management.adoc[User management] From f069c2fb1b45552e08eaefc9baafe6644f7c7963 Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Mon, 14 Apr 2025 12:33:18 +0200 Subject: [PATCH 09/10] fix --- modules/ROOT/content-nav.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 711490b00..a5b4c6168 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -107,7 +107,7 @@ Generic Start ** xref:security/secure-connections.adoc[Secure connections] ** xref:security/single-sign-on.adoc[Single sign-on] ** xref:security/encryption.adoc[Encryption] -** xref:security/tool-auth.adoc[Tool authentication with Aura user] +** xref:security/tool-auth.adoc[Tool authentication] * xref:user-management.adoc[User management] From b68448e049c04239c4f3176cb0f5f482ddff6fef Mon Sep 17 00:00:00 2001 From: AlexicaWright <49636617+AlexicaWright@users.noreply.github.com> Date: Mon, 14 Apr 2025 12:33:58 +0200 Subject: [PATCH 10/10] fix content-nav --- modules/ROOT/content-nav.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index a5b4c6168..711490b00 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -107,7 +107,7 @@ Generic Start ** xref:security/secure-connections.adoc[Secure connections] ** xref:security/single-sign-on.adoc[Single sign-on] ** xref:security/encryption.adoc[Encryption] -** xref:security/tool-auth.adoc[Tool authentication] +** xref:security/tool-auth.adoc[Tool authentication with Aura user] * xref:user-management.adoc[User management]