Difference between revisions of "Access control"
From AMTech WikiDocs
Line 1: | Line 1: | ||
Access control is applied based on the info of the resource being accessed, validating it against the info of the user accessing the resource. The verifications for access control are : | Access control is applied based on the info of the resource being accessed, validating it against the info of the user accessing the resource. The verifications for access control are : | ||
− | * access to the resource type ( | + | * access to the resource type (using user roles/actors) |
− | * access to the resource tenant and guest tenants ( | + | * access to the resource tenant and guest tenants (using the user's tenant) |
− | * access to the resources owner ( | + | * access to the resources owner (using the user accessing the resource) |
This validations are performed in order. | This validations are performed in order. | ||
+ | |||
== Roles == | == Roles == | ||
Roles are resources that define the access control policies for the core resources. | Roles are resources that define the access control policies for the core resources. | ||
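Review bot: the rewritten owner bullet still reads "access to the resources owner", and the sentence after the list, "This validations are performed in order", is left unchanged. Suggest "the resource's owner" and "These validations". Because the order of the three checks matters, a numbered list would state that order explicitly.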
Line 20: | Line 21: | ||
== Tenants == | == Tenants == | ||
+ | Owner | ||
+ | Guest tenants | ||
== Users == | == Users == | ||
+ | Owner | ||
+ | Guest users |
Revision as of 09:25, 3 March 2016
Access control is applied based on the information of the resource being accessed, validated against the information of the user accessing the resource. The verifications for access control are:
- access to the resource type (using user roles/actors)
- access to the resource tenant and guest tenants (using the user's tenant)
- access to the resource's owner (using the user accessing the resource)
These validations are performed in order.
Roles
Roles are resources that define the access control policies for the core resources.
- They specify the HTTP operations allowed on a given resource type.
- They are associated with users.
- They are system managed.
- There are 2 main roles: activityCreator and follower
- Users with the role activityCreator will have access to entity types and observation types
- Users with the role follower will have the access their actors define (link to actors here)
Actors
Actors are resources that define access to specific entity types and notification types
- They specify the HTTP operations allowed on the type
- They are associated with users that have the role follower, via the subscription to a service or the invitation of new users
- Actors can include a restriction to apply the access control using the target resource user (meaning that the access control will be applied verifying access to type, tenant and user)
Tenants
- Owner
- Guest tenants
Users
- Owner
- Guest users
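The three ordered verifications described at the top of this page (type, then tenant, then owner), as an added example that is not AMTech code. The `Resource` and `User` classes, their field names and the sample data are hypothetical. It assumes that a user's roles and actors have already been flattened into a map of resource type to allowed HTTP operations, and that a guest tenant or guest user passes the same check as the owner.

```python
from dataclasses import dataclass, field

@dataclass
class Resource:
    rtype: str                                   # resource type name
    tenant: str                                  # owner tenant
    owner: str                                   # owner user
    guest_tenants: set = field(default_factory=set)
    guest_users: set = field(default_factory=set)

@dataclass
class User:
    name: str
    tenant: str
    # Assumption: resource type -> HTTP operations granted by roles/actors.
    grants: dict = field(default_factory=dict)

def check_access(user, method, res):
    """Return (allowed, failed_stage). Checks run in the documented order
    and stop at the first failure; anything not granted is denied."""
    # 1. Type: is this HTTP operation allowed on the resource type?
    if method.upper() not in user.grants.get(res.rtype, set()):
        return False, "type"
    # 2. Tenant: the user's tenant must own the resource or be a guest tenant.
    if user.tenant != res.tenant and user.tenant not in res.guest_tenants:
        return False, "tenant"
    # 3. Owner: the user must own the resource or be a guest user.
    if user.name != res.owner and user.name not in res.guest_users:
        return False, "owner"
    return True, None

# Constructed sample data (not from the AMTech platform).
SENSOR = Resource("thermostat", tenant="acme", owner="alice",
                  guest_tenants={"partner"}, guest_users={"bob", "dave"})
ALICE = User("alice", "acme", {"thermostat": {"GET", "PUT"}})
BOB = User("bob", "partner", {"thermostat": {"GET"}})
CAROL = User("carol", "partner", {"thermostat": {"GET"}})
DAVE = User("dave", "other", {"thermostat": {"GET"}})

if __name__ == "__main__":
    for u, m in [(ALICE, "PUT"), (BOB, "GET"), (BOB, "PUT"),
                 (CAROL, "GET"), (DAVE, "GET")]:
        print(u.name, m, check_access(u, m, SENSOR))
```

Returning the failed stage makes denials auditable: `dave` is listed as a guest user but is rejected at the tenant check, because the owner check is never reached.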