Difference between revisions of "Access control"

From AMTech WikiDocs
Jump to: navigation, search
Line 1: Line 1:
Access control is applied based on the info of the resource being accessed, validating the following:
+
Access control is applied based on the info of the resource being accessed, validating it against the info of the user accessing the resource. The verifications for access control are :
 
* access to the resource type (based on roles/actors)
 
* access to the resource type (based on roles/actors)
 
* access to the resource tenant and guest tenants (based on the user's tenant)
 
* access to the resource tenant and guest tenants (based on the user's tenant)
 
* access to the resources owner (based on the user accessing the resource)
 
* access to the resources owner (based on the user accessing the resource)
 +
This validations are performed in order.
 
== Roles ==
 
== Roles ==
 
Roles are resources that define the access control policies for the core resources.
 
Roles are resources that define the access control policies for the core resources.

Revision as of 09:24, 3 March 2016

Access control is applied based on the info of the resource being accessed, validating it against the info of the user accessing the resource. The verifications for access control are :

  • access to the resource type (based on roles/actors)
  • access to the resource tenant and guest tenants (based on the user's tenant)
  • access to the resources owner (based on the user accessing the resource)

This validations are performed in order.

Roles

Roles are resources that define the access control policies for the core resources.

  • They specify the HTTP operations allowed on a given resource type.
  • They are associated to users
  • They are system managed.
  • There are 2 main roles : activityCreator and follower
  • Users with the roles activityCreator will have access to entity types and observation types
  • Users with the roles follower will have the access their actors define (link to actors here)

Actors

Actors are resources that defined access to specific entity types and notification types

  • They specify the HTTP operations allowed the the type
  • They are associated to users with the role follower via the subscription to a service or the invitation of new users
  • Actors can include a restriction to apply the access control using the target resource user (meaning that the access control will be applied verifying access to type, tenant and user)

Tenants

Users