Difference between revisions of "Access control"

From AMTech WikiDocs
Jump to: navigation, search
Line 1: Line 1:
 
Access control is applied based on the info of the resource being accessed, validating it against the info of the user accessing the resource. The verifications for access control are :
 
Access control is applied based on the info of the resource being accessed, validating it against the info of the user accessing the resource. The verifications for access control are :
* access to the resource type (based on roles/actors)
+
* access to the resource type (using user roles/actors)
* access to the resource tenant and guest tenants (based on the user's tenant)
+
* access to the resource tenant and guest tenants (using the user's tenant)
* access to the resources owner (based on the user accessing the resource)
+
* access to the resources owner (using the user accessing the resource)
 
This validations are performed in order.
 
This validations are performed in order.
 +
 
== Roles ==
 
== Roles ==
 
Roles are resources that define the access control policies for the core resources.
 
Roles are resources that define the access control policies for the core resources.
Line 20: Line 21:
  
 
== Tenants ==
 
== Tenants ==
 +
Owner
 +
Guest tenants
 
== Users ==
 
== Users ==
 +
Owner
 +
Guest users

Revision as of 09:25, 3 March 2016

Access control is applied based on the info of the resource being accessed, validating it against the info of the user accessing the resource. The verifications for access control are :

  • access to the resource type (using user roles/actors)
  • access to the resource tenant and guest tenants (using the user's tenant)
  • access to the resources owner (using the user accessing the resource)

This validations are performed in order.

Roles

Roles are resources that define the access control policies for the core resources.

  • They specify the HTTP operations allowed on a given resource type.
  • They are associated to users
  • They are system managed.
  • There are 2 main roles : activityCreator and follower
  • Users with the roles activityCreator will have access to entity types and observation types
  • Users with the roles follower will have the access their actors define (link to actors here)

Actors

Actors are resources that defined access to specific entity types and notification types

  • They specify the HTTP operations allowed the the type
  • They are associated to users with the role follower via the subscription to a service or the invitation of new users
  • Actors can include a restriction to apply the access control using the target resource user (meaning that the access control will be applied verifying access to type, tenant and user)

Tenants

Owner Guest tenants

Users

Owner Guest users